nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nullbite:main
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia
..
compare: nullbite:feature/tmpfiles-workaround
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia

1 Commits
main ... feature/tm

Author SHA1 Message Date
NullBite
ae77cb3e0c
nixos-wsl: commit tmpfiles workaround 
TODO: move impl to system, this isn't even needed on WSL
 2024-12-21 18:06:18 +00:00
145 changed files with 2871 additions and 5773 deletions
Show Stats Expand all files Collapse all files

63
.github/workflows/build-then-cache.yaml vendored
View File

@ -1,63 +0,0 @@
name: Build and upload to Attic cache
on:
push:
branches:
- "main"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86-64_packages:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- run: 'nix develop .#ci --command bash ci/run_builds.sh packages'
build_x86-64:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
# TODO: figure out how to use flake checks and use those to build it
- run: 'nix develop .#ci --command bash ci/run_builds.sh config'

49
.github/workflows/proactive-update.yaml vendored
View File

@ -1,49 +0,0 @@
name: Proactively build and cache flake
on:
schedule:
- cron: "0 */6 * * *"
push:
branches:
- "force-build"
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: |
keep-going = true
fallback = true
- uses: DeterminateSystems/flake-checker-action@v9
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
- run: 'nix flake update'
- run: 'nix develop .#ci --command bash ci/run_builds.sh'

26
README.md
View File

@ -1,16 +1,8 @@
# NullBite's NixOS Config
Preface: the current structure of this flake scares me a bit. I have added
[flake-parts](https://github.com/hercules-ci/flake-parts) to this repository
and I plan to modularize it in the same way I refactored my actual NixOS and
Home Manager configurations. This repository used to be *a lot worse* because
it was my very first Nix project, but I have learned a lot about both Nix and
programming in general in this span of time.
## Overview
This is my personal NixOS config. Right now, it's just a <del>basic</del>
extremely ~~overengineered~~ messy flake which imports a (mostly) normal stock NixOS configuration.
extremely overengineered flake which imports a (mostly) normal stock NixOS configuration.
Now that I have used NixOS for a ~~month~~ year, I have learned a fair bit and have made
Now that I have used NixOS for a month, I have learned a fair bit and have made
some organizational changes. <del>Currently, the repository is organized as
such</del> (I am in the process of migrating my config to this format, some
stuff may not match yet):
@ -71,13 +63,13 @@ stuff may not match yet):
## TODO
- ~~Reorganize repo to use a more "standard" module layout.~~
- ~~[github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.~~
- ~~Select entire desktop configuration via a single option and make bootable with specialisation.~~
- ~~Give each desktop a modularized configuration that can be enabled with an option.~~
- ~~figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.~~
- Reorganize repo to use a more "standard" module layout.
- [github:Misterio77/nix-config](https://github.com/Misterio77/nix-config) might be a good reference for a better module layout.
- Select entire desktop configuration via a single option and make bootable with specialisation.
- Give each desktop a modularized configuration that can be enabled with an option.
- figure out nixpkgs.lib.options.mkOption and add a string option that picks a desktop to use.
- add Plasma, Hyprland, and maybe GNOME if I'm feeling silly (I'd probably never actually use it).
- ~~make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.~~
- make more things configurable as options once I figure out the above, it's probably cleaner than importing modules.
- Reorganize README bullets into headings
- make system ephemeral/stateless
- The following command is able to successfully show any accumulated state on my system: <pre><code>sudo find / -xdev \( -path /home -o -path /nix -o -path /boot \) -prune -o \( -name flatpak -o -name boot.bak -o -path /var/log -o -name .cache \) \( -prune -print \) -o \( -type f \) -print</code></pre>
@ -93,4 +85,4 @@ stuff may not match yet):
- coredumps
- /root user and /home
- /etc/machine-id
- ~~configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)~~
- configure /etc/supergfxd.conf with a oneshot systemd unit on boot bsaed on selected specialisation (should still be modifiable with supergfxctl but should be ephemeral)

82
ci/run_builds.sh
View File

@ -1,82 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2317
# ^ SC2317 (Command appears to be unreachable.)
set -Exo pipefail
err=0
set_error () {
err=1
pkill -s 0 -9 nix-eval-jobs || true
}
trap set_error ERR
system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
run_builds () {
for i in "$@" ; do
nix-fast-build --eval-workers 1 --no-nom --skip-cache --attic-cache main -f "$i"
pkill -s 0 -9 nix-eval-jobs || true
done
}
_build_systems () {
case "$system" in
# TODO this is messy and hard-coded, make an attribute set for
# each system containing the specializations as well as the nospec ver
x86_64-linux) run_builds \
.\#nixosConfigurations.nullbox.config.specialisation.hyprland.configuration.system.build.toplevel \
.\#nospec.nullbox.config.system.build.toplevel \
.\#nixosConfigurations.slab.config.specialisation.{hyprland,nvidia}.configuration.system.build.toplevel \
.\#nospec.slab.config.system.build.toplevel \
.\#nixosConfigurations.nixos-wsl.config.system.build.toplevel \
;;
aarch64-linux) run_builds \
.\#nixosConfigurations.rpi4.config.system.build.toplevel \
;;
esac
}
build_systems () {
# system should be set in `nix develop` but just in case
local system
system="${system:-$(nix eval --impure --raw --expr 'builtins.currentSystem')}"
#nix eval --json .#legacyPackages."${system}".specialisedNixosConfigurations --apply 'builtins.attrNames' \
# | jq -c '.[]' \
# | while read -r line ; do
# local build
# build="$(printf '%s' "$line" | jq -r)"
# run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations.${build}"
# done
run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations"
}
build_packages () {
run_builds .\#packages."${system}".redlib
}
if [[ "$#" -ne 0 ]] ; then
until [[ "$#" -le 0 ]]; do
case "$1" in
pkgs|packages) DO_PACKAGES=1;;
config) DO_CONFIG=1;;
esac
shift
done
else
DO_PACKAGES=1
DO_CONFIG=1
fi
if [[ -n "${DO_CONFIG:+x}" ]] ; then build_systems; fi
if [[ -n "${DO_PACKAGES:+x}" ]] ; then build_packages; fi
exit $err

118
ci/util_free_space_extreme.sh
View File

@ -1,118 +0,0 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -eux
df -h
echo "::group::/usr/local/*"
du -hsc /usr/local/*
echo "::endgroup::"
# ~1GB
sudo rm -rf \
/usr/local/aws-sam-cil \
/usr/local/julia* || :
echo "::group::/usr/local/bin/*"
du -hsc /usr/local/bin/*
echo "::endgroup::"
# ~1GB (From 1.2GB to 214MB)
sudo rm -rf \
/usr/local/bin/aliyun \
/usr/local/bin/azcopy \
/usr/local/bin/bicep \
/usr/local/bin/cmake-gui \
/usr/local/bin/cpack \
/usr/local/bin/helm \
/usr/local/bin/hub \
/usr/local/bin/kubectl \
/usr/local/bin/minikube \
/usr/local/bin/node \
/usr/local/bin/packer \
/usr/local/bin/pulumi* \
/usr/local/bin/sam \
/usr/local/bin/stack \
/usr/local/bin/terraform || :
# 142M
sudo rm -rf /usr/local/bin/oc || : \
echo "::group::/usr/local/share/*"
du -hsc /usr/local/share/*
echo "::endgroup::"
# 506MB
sudo rm -rf /usr/local/share/chromium || :
# 1.3GB
sudo rm -rf /usr/local/share/powershell || :
echo "::group::/usr/local/lib/*"
du -hsc /usr/local/lib/*
echo "::endgroup::"
# 15GB
sudo rm -rf /usr/local/lib/android || :
# 341MB
sudo rm -rf /usr/local/lib/heroku || :
# 1.2GB
sudo rm -rf /usr/local/lib/node_modules || :
echo "::group::/opt/*"
du -hsc /opt/*
echo "::endgroup::"
# 679MB
sudo rm -rf /opt/az || :
echo "::group::/opt/microsoft/*"
du -hsc /opt/microsoft/*
echo "::endgroup::"
# 197MB
sudo rm -rf /opt/microsoft/powershell || :
echo "::group::/opt/hostedtoolcache/*"
du -hsc /opt/hostedtoolcache/*
echo "::endgroup::"
# 5.3GB
sudo rm -rf /opt/hostedtoolcache/CodeQL || :
# 1.4GB
sudo rm -rf /opt/hostedtoolcache/go || :
# 489MB
sudo rm -rf /opt/hostedtoolcache/PyPy || :
# 376MB
sudo rm -rf /opt/hostedtoolcache/node || :
# Remove Web browser packages
# sudo apt purge -y \
# firefox \
# google-chrome-stable \
# microsoft-edge-stable
#
# this works better on arm
for i in firefox \
google-chrome-stable \
microsoft-edge-stable ; do
sudo apt purge -y "$i" || :
done
## extras
sudo rm -rf /home/runner/.rustup \
/home/runner/.cargo \
/home/linuxbrew \
/usr/lib/google-cloud-sdk \
/usr/lib/jvm \
/usr/lib/mono \
/usr/lib/heroku \
/usr/share/swift \
/usr/share/dotnet \
/opt/microsoft/msedge \
/opt/google/chrome \
/usr/lib/firefox \
/usr/local/.ghcup
df -h

15
default.nix
View File

@ -1,15 +0,0 @@
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.flake-compat;
in
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
)
{src = ./.;}
)
.defaultNix

765
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

707
flake.nix
View File

@ -1,32 +1,16 @@
# vim: set foldmethod=marker:
{
description = "NixOS Configuration";
inputs = {
# {{{
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
# ^^^^^^^^^^^^^ this part is optional
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
# ^^^^^^^^^^^^^ this part is optional
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-nix-du.url = "github:NixOS/nixpkgs/c933cf4698e5189b35dd83bf4d7a81aef16d464a";
nixpkgs-mopidy.url = "github:NixOS/nixpkgs/93ff48c9be84a76319dac293733df09bbbe3f25c";
# this seems to be a popular way to declare systems
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# this is nice so one-off impure scripts can interact with attributes in
# this flake
flake-compat = {
url = "github:edolstra/flake-compat";
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -60,7 +44,7 @@
# https://github.com/nix-community/lanzaboote/releases
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -85,11 +69,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
@ -121,324 +100,378 @@
inputs.nixpkgs.follows = "nixpkgs";
inputs.systems.follows = "systems";
};
}; # }}}
};
outputs = {
self,
flake-parts,
...
} @ inputs:
flake-parts.lib.mkFlake {inherit inputs;} (
outputs = { self, nixpkgs, nixpkgs-unstable, ... }@inputs:
let
inherit (self) outputs;
# inputs is already defined
lib = nixpkgs.lib;
systems = [ "x86_64-linux" "aarch64-linux" ];
overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in lib.composeExtensions
normal
(final: prev: let
x=quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
in [
(final: prev: let
packages = import ./pkgs { inherit (prev) pkgs; };
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
})
# various temporary fixes that automatically revert
self.overlays.mitigations
# auto backports from nixpkgs unstable
self.overlays.backports
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
# inputs.hypridle.overlays.default
(final: prev: { inherit (inputs.hypridle.packages.${prev.system}) hypridle; })
];
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let _username=username; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _ : {},
rootModule ? (import ./home/root.nix),
userModules ? { ${username} = [ module ] ; root = [ rootModule ]; },
stateVersion }:
{ config, lib, pkgs, ... }:
let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {...}:
{
imports = [
./home
] ++ modules;
config = {
home = { inherit stateVersion; };
};
});
users = mapUserModules userModules;
in
{
inputs,
self,
config,
lib,
nixfiles-lib,
...
} @ flakeArgs: {
# flake-parts imports
imports = [
./flake
./lib/nixfiles/module.nix
./pkgs/module.nix
./overlays
inputs.treefmt-nix.flakeModule
home-manager.nixosModules.home-manager
];
config = {
# flake-parts systems (still uses nix-systems)
systems = import inputs.systems;
# expose vars to nix repl
debug = lib.mkDefault true;
perSystem = {
config,
system,
pkgs,
self',
...
}: {
treefmt = {
programs = {
alejandra.enable = true;
};
};
legacyPackages.specialisedNixosConfigurations = let
attrs = lib.pipe self.nixosConfigurations [
(lib.filterAttrs (n: v: !(builtins.elem n ["iso" "rpi4-x86_64"])))
(lib.filterAttrs (n: v: v.pkgs.system or "" == system))
(lib.mapAttrs' (configName: v: let
nospec =
(v.extendModules {
modules = [
({lib, ...}: {
config.specialisation = lib.mkForce {};
})
];
})
.config;
configs =
(
lib.mapAttrs'
(n: v: lib.nameValuePair "specialisation-${n}" v.configuration)
v.config.specialisation
)
// {inherit nospec;};
in
lib.nameValuePair configName configs))
(
lib.concatMapAttrs (
configName: v:
(
lib.mapAttrs' (
specName: v: lib.nameValuePair "${configName}--${specName}" v
)
)
v
)
)
(lib.mapAttrs (_: v: v.system.build.toplevel))
];
in
attrs;
devShells = {
ci = pkgs.mkShell {
buildInputs = with pkgs; [
jq
nix-update
nix-fast-build
];
};
default = let
formatter =
pkgs.runCommandNoCC "flake-formatter" {
formatter = lib.getExe self'.formatter;
} ''
mkdir -p $out/bin
ln -s "$formatter" "$out/bin/formatter"
'';
in
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nix-update
formatter
inputs.agenix.packages.${system}.default
];
};
};
};
nixfiles = {
vars = {
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "America/New_York";
};
common.overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in
lib.composeExtensions
normal
(final: prev: let
x = quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
packagesOverlay = final: prev: let
packages = import ./pkgs {inherit (prev) pkgs;};
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
};
zen-browser-overlay = final: prev: let
inherit (final) system callPackage;
input = inputs.zen-browser;
packages = input.packages.${system};
sources = builtins.fromJSON (builtins.readFile (input + "/sources.json"));
warnExists = name: value: let
pass =
if prev ? ${name}
then builtins.warn "zen-browser-overlay: Package `${name}` already exists. This overlay is no longer needed and should be removed." value
else value;
in
pass;
in {
zen-browser-bin = callPackage packages.zen-browser.override {};
zen-browser-unwrapped = warnExists "zen-browser-unwrapped" (callPackage packages.zen-browser-unwrapped.override {
inherit (sources.${system}) hash url;
inherit (sources) version;
});
};
in [
# TODO delete this, transfer all packages to new-packages overlay
packagesOverlay
self.overlays.new-packages
# various temporary fixes that automatically revert
self.overlays.mitigations
# auto backports from nixpkgs unstable
self.overlays.backports
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
zen-browser-overlay
];
systems = {
slab.system = "x86_64-linux";
nullbox.system = "x86_64-linux";
rpi4.system = "aarch64-linux";
nixos-wsl = {
system = "x86_64-linux";
wsl = true;
};
# for eval testing
rpi4-x86_64 = {
system = "x86_64-linux";
name = "rpi4";
modules = [
{
nixpkgs.hostPlatform = "x86_64-linux";
}
];
};
}; # end systems
};
flake = let
# {{{
inherit (nixfiles-lib.flake-legacy) mkSystem mkWSLSystem mkISOSystem mkHome;
inherit (inputs) nixpkgs nixpkgs-unstable;
inherit (self) outputs;
inherit (config.nixfiles.vars) username mobileTimeZone;
# inputs is already defined
lib = nixpkgs.lib;
# function to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
# }}}
in {
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (
system: {
iso = let
isoSystem = mkISOSystem system;
in
isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system:
import ./pkgs/apps.nix
{
inherit (self.outputs) packages;
inherit system;
});
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
}; # end nixosConfigurations
nospec = lib.mapAttrs (n: v:
v.extendModules {
modules = [
(
{lib, ...}: {specialisation = lib.mkForce {};}
)
];
})
config.flake.nixosConfigurations;
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
username = "root";
homeDirectory = "/root";
config = {pkgs, ...}: {
programs.bash.enable = true;
# update nix system-wide since it's installed via root profile
home.packages = with pkgs; [btdu nix];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nullbite@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
config = {pkgs, ...}: {
programs = {
zsh.enable = false;
keychain.enable = false;
};
home.packages = with pkgs; [btdu];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"deck" = mkHome {
system = "x86_64-linux";
stateVersion = "23.11";
username = "deck";
modules = [./users/deck/home.nix];
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"testuser" = mkHome {
username = "testuser";
system = "x86_64-linux";
modules = [./users/testuser/home.nix];
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nix-on-droid" = mkHome {
username = "nix-on-droid";
homeDirectory = "/data/data/com.termux.nix/files/home";
modules = [./users/nix-on-droid/home.nix];
system = "aarch64-linux";
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
}
); # end outputs
}
# end flake
};
# TODO rewrite this so it follows the same wrapper pattern as mkHome
# This function produces a nixosSystem which imports configuration.nix and
# a Home Manager home.nix for the given user from ./hosts/${hostname}/
mkSystemN = let
_username = username;
_overlays = overlays;
in { nixpkgs ? inputs.nixpkgs,
home-manager ? inputs.home-manager,
username ? _username,
entrypoint ? ./system,
modules ? [ ],
stateVersion ? null,
config ? { },
overlays ? _overlays,
system,
... }@args: let
_modules = [ entrypoint config ] ++ modules ++ [{
nixpkgs.config = {
inherit overlays;
allowUnfree = true;
};
}] ++ lib.optional (args ? stateVersion) { config.system.stateVersion = stateVersion; };
in nixpkgs.lib.nixosSystem {
};
mkSystem = let _username=username; _overlays=overlays; _nixpkgs=nixpkgs;
in { system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [] }:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./system
({pkgs, config, lib, ...}@args:
{
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
nix.settings.experimental-features = ["nix-command" "flakes" ];
})
./hosts/${hostname}/configuration.nix
(homeManagerInit {
inherit nixpkgs home-manager;
module = import ./hosts/${hostname}/home.nix;
inherit username system stateVersion;
})
] ++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
mkWSLSystem = let _username=username; in
{username ? _username, extraModules ? [], ...}@args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
mkISOSystem = system: inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
# Make a home-manager standalone configuration. This implementation is
# better than mkSystem because it extends homeManagerConfiguration.
mkHome = let
_home-manager = inputs.home-manager;
_nixpkgs = inputs.nixpkgs;
_username = username;
in { home-manager ? _home-manager,
nixpkgs ? _nixpkgs,
username ? _username,
homeDirectory ? "/home/${username}",
entrypoint ? ./home/standalone.nix,
modules ? [ ],
stateVersion ? null,
config ? { },
system,
... }@args: let
_modules = [ entrypoint ] ++ modules ++ [ config ] ++ [
{
config = {
home = {
inherit username homeDirectory;
};
nixpkgs.config = {
allowUnfree = true;
};
};
}
] ++ lib.optional (args ? stateVersion) { config.home.stateVersion = stateVersion; };
in home-manager.lib.homeManagerConfiguration ({
modules = _modules;
pkgs = import nixpkgs {inherit system overlays; };
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
# this is needed because modules don't use the default arg for some reason???
osConfig = {};
};
} // builtins.removeAttrs args
[ "system" "nixpkgs" "home-manager" "modules" "username" "homeDirectory" "stateVersion" "entrypoint" "config" ]);
in {
# for repl debugging via :lf .
inherit inputs vars;
devShells = eachSystem (system: let
pkgs = import nixpkgs-unstable { inherit system; };
in {
default = pkgs.mkShell {
buildInputs = with pkgs; [
nix-update
inputs.agenix.packages.${system}.default
];
};
});
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (system: let pkgs = import nixpkgs-unstable { inherit system; };
in (
import ./pkgs { inherit pkgs; }) // {
iso = let
isoSystem = mkISOSystem system;
in isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system: import ./pkgs/apps.nix
{ inherit (self.outputs) packages; inherit system; });
overlays = import ./overlays self;
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
slab = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "slab";
stateVersion = "23.11";
};
nullbox = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
hostname = "nullbox";
stateVersion = "23.11";
};
nixos-wsl = mkWSLSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "23.11";
hostname = "nixos-wsl";
};
# for eval testing
rpi4-x86_64 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "24.11";
hostname = "rpi4";
extraModules = [{
nixpkgs.hostPlatform = "x86_64-linux";
}];
};
rpi4 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "aarch64-linux";
stateVersion = "24.11";
hostname = "rpi4";
};
}; # end nixosConfigurations
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
username = "root";
homeDirectory = "/root";
config = { pkgs, ...}: {
programs.bash.enable = true;
# update nix system-wide since it's installed via root profile
home.packages = with pkgs; [ btdu nix ];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nullbite@rpi4" = mkHome {
system = "aarch64-linux";
stateVersion = "23.11";
config = { pkgs, ...} : {
programs = {
zsh.enable = false;
keychain.enable = false;
};
home.packages = with pkgs; [ btdu ];
};
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"deck" = mkHome {
system = "x86_64-linux";
stateVersion = "23.11";
username = "deck";
modules = [ ./users/deck/home.nix ];
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"testuser" = mkHome {
username = "testuser";
system = "x86_64-linux";
modules = [ ./users/testuser/home.nix ];
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
"nix-on-droid" = mkHome {
username = "nix-on-droid";
homeDirectory = "/data/data/com.termux.nix/files/home";
modules = [ ./users/nix-on-droid/home.nix ];
system = "aarch64-linux";
stateVersion = "23.11";
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
};
};
}; # end outputs
} # end flake

31
flake/TODO.md
View File

@ -1,31 +0,0 @@
# flake-parts TODO
- Move logic for generating system/home configs to module (most important,
reason i wanted to use flake-parts)
- Move common default args from the awful wrapper function to dedicated options:
- default module imports
- "common" module
- currently defines stateVersion, nixpkgs.config.allowUnfree, a few others
- make default module path configurable, but still default to
`./hosts/${hostname}/configuration.nix`
- make "entrypoint" (`./system`, `./home/standalone.nix`, etc) configurable
- make nixfiles home manager initialization a configurable option
- specialArgs (i want to deprecate this but one thing at a time)
- define system "types" and generate all of them internally using lazy
eval. export a specific one to the flake outputs.
- generate as something like `nixfiles.hosts.<name>.outputs`
- `flake.nixosConfigurations.<name>` is set from `nixfiles.hosts.<name>.output`
- default chosen by option like `nixfiles.hosts.<name>.type`
- types:
- normal
- WSL
- ISO image
- define deploy-rs outputs in same section as hosts
- make common, central interface for configuring overlays to be consumed by
various parts of flake, move hard-coded overlays out of common module
- literally just a list, maybe process it using lib.composeManyExtensions
- some top-level config is okay (e.g., defining hosts using nixfiles options).
hide away all of the internal logic into imported modules.
- move random functions into nixfiles lib
- move top-level universal configs (username, mobileTimeZone) into option
(honestly, this alone makes flake-parts worth it)

9
flake/default.nix
View File

@ -1,9 +0,0 @@
{...}: {
imports = [
./packages.nix
./home.nix
./system.nix
./meta.nix
./overlays.nix
];
}

1
flake/home.nix
View File

@ -1 +0,0 @@
{...}: {}

11
flake/meta.nix
View File

@ -1,11 +0,0 @@
{
config,
lib,
...
}: {
options.nixfiles.vars = lib.mkOption {
description = "Global variables";
type = lib.types.attrs;
default = {};
};
}

19
flake/overlays.nix
View File

@ -1,19 +0,0 @@
{
config,
lib,
inputs,
...
}: let
overlayType = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
in {
options.nixfiles.common.overlays = lib.mkOption {
description = "List of overlays shared between various parts of the flake.";
type = lib.types.listOf overlayType;
default = [];
};
}

2
flake/packages.nix
View File

@ -1,2 +0,0 @@
{...}: {
}

258
flake/system.nix
View File

@ -1,258 +0,0 @@
{
config,
options,
lib,
nixfiles-lib,
inputs,
self,
...
}: let
cfg = config.nixfiles.systems;
inherit
(lib)
types
mkOption
mkIf
filterAttrs
mapAttrs
;
inherit (builtins) attrNames isNull;
inherit (nixfiles-lib.flake-legacy) mkSystem mkHome mkWSLSystem mkISOSystem homeManagerInit;
inherit (nixfiles-lib.types) mkCheckedType;
mkConfigurationOption = systemType:
mkOption {
description = "${systemType} configuration type";
type = with types; nullOr mkCheckedType "configuration";
default = null;
};
in {
options.nixfiles.systems = let
systemModule = let
outerConfig = config;
outerOptions = options;
in
{
name,
config,
...
}: {
options = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to install this configuration into the flake outputs.
'';
default = true;
};
nixpkgs = mkOption {
description = "nixpkgs input to build system with";
type = nixfiles-lib.types.flake;
default = inputs.nixpkgs-unstable;
};
extraConfig = mkOption {
description = ''
Arguments to pass to nixpkgs.lib.nixosSystem
'';
type = types.attrs;
default = {};
};
system = mkOption {
description = "Nix system value";
type = types.str;
example = "x86_64-linux";
};
modules = mkOption {
description = "Extra NixOS configuration modules.";
type = with types; listOf deferredModule;
default = [];
};
name = mkOption {
description = ''
Name of NixOS configuration. This influences the default
directory to load configuration from. This does *not* modify the
system's hostname, but should probably be set to the same value.
'';
type = lib.types.str;
default = name;
};
configRoot = mkOption {
description = "Path to directory containing system and home configuration modules.";
type = lib.types.path;
default = self + "/hosts/${config.name}";
};
configuration = mkOption {
description = "Path/module of main NixOS configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/configuration.nix";
};
home-manager = {
enable =
lib.mkEnableOption ""
// {
description = ''
Whether to enable home-manager for this configuration.
'';
default = true;
};
input = mkOption {
description = "home-manager input";
type = nixfiles-lib.types.flake;
default = inputs.home-manager-unstable;
};
configuration = mkOption {
description = "Path/module of main home-manager configuration.";
type = with types; nullOr deferredModule;
default = config.configRoot + "/home.nix";
};
modules = mkOption {
description = "Extra home-manager modules";
type = with types; listOf deferredModule;
};
};
wsl =
lib.mkEnableOption ""
// {
description = ''
Whether to import WSL related configuration
'';
};
result = lib.mkOption {
description = "Resulting system configuration";
type = with types; nullOr (mkCheckedType "configuration");
};
};
config = {
home-manager.input = lib.mkIf (config.nixpkgs == inputs.nixpkgs) (lib.mkDefault inputs.home-manager);
modules = let
nixfilesModule = self + "/system";
defaultsModule = {...}: {
# Values for every single system that would not conceivably need
# to be made modular
# this should be set in the system config
# system.stateVersion = stateVersion;
nixpkgs = {
inherit (outerConfig.nixfiles.common) overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
# this should be on by default and there is no reason to turn it
# off because this flake will literally stop working otheriwse
nix.settings.experimental-features = ["nix-command" "flakes"];
};
wslModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = outerConfig.nixfiles.vars.username;
};
homeManagerModule = let
homeManagerModuleInner = homeManagerInit {
inherit (config) nixpkgs system;
inherit (outerConfig.nixfiles.vars) username;
home-manager = config.home-manager.input;
module =
if (isNull config.home-manager.configuration)
then {}
else config.home-manager.configuration;
};
in
{
config,
pkgs,
lib,
...
}: let
perUserDefaultsModule = {lib, ...}: {
config = {
# previously, home-manager inherited stateVersion from
# nixos in a really hacky way that depended on the wrapper
# function. this should preserve that behavior in a much
# safer way by directly setting it in a module. ideally, it
# should probably be set manually, but I want to maintain
# backwards compatibility for now.
home.stateVersion = lib.mkDefault config.system.stateVersion;
# pass the system nixpkgs config as defaults for the
# home-manager nixpkgs config. useGlobalPkgs prevents
# setting overlays at the home level; this allows for doing
# that while inheriting the system overlays.
nixpkgs = {
config = lib.mapAttrs (n: v: lib.mkDefault v) config.nixpkgs.config;
# mkOrder 900 is after mkBefore but before default order
overlays = lib.mkOrder 900 config.nixpkgs.overlays;
};
};
};
in {
imports = [
# TODO placeholder using old function
homeManagerModuleInner
];
options.home-manager.users = lib.mkOption {
type = with lib.types; attrsOf (submodule perUserDefaultsModule);
};
};
in
[
nixfilesModule
defaultsModule
]
++ lib.optional (!(isNull config.configuration)) config.configuration
++ lib.optional config.home-manager.enable homeManagerModule
++ lib.optional config.wsl wslModule;
extraConfig = {
inherit (config) system modules;
# TODO get rid of specialArgs and pass things as a module
specialArgs = let
inherit (self) outputs;
in {
inherit inputs outputs;
inherit (outerConfig.nixfiles) vars;
inherit (config) nixpkgs;
inherit (config.home-manager) input;
};
};
result = config.nixpkgs.lib.nixosSystem config.extraConfig;
};
};
in
lib.mkOption {
description = ''
NixOS system configurations
'';
type = with types; attrsOf (submodule systemModule);
default = {};
};
config = {
flake.nixosConfigurations = let
enabledSystems = filterAttrs (n: v: v.enable) cfg;
in
mapAttrs (_: v: v.result) enabledSystems;
};
}

4
home/common/default.nix
View File

@ -1,9 +1,9 @@
{...}: {
{...}:
{
imports = [
./wm
./nodm.nix
./nix.nix
./theme.nix
./shell.nix
];
}

11
home/common/nix.nix
View File

@ -1,12 +1,5 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
nixpkgs,
...
}: let
{ pkgs, lib, config, osConfig ? { }, options, nixpkgs, ... }:
let
cfg = config.nixfiles.common.nix;
standalone = !(osConfig ? home-manager);
in {

43
home/common/nodm.nix
View File

@ -1,35 +1,28 @@
{
lib,
pkgs,
config,
osConfig ? {},
options,
...
}: let
{ lib, pkgs, config, osConfig ? {}, options, ... }:
let
cfg = config.nixfiles.common.nodm;
in {
in
{
config = let
hyprland = "${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty = "${pkgs.coreutils}/bin/tty";
initCommands = ''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in
lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
hyprland="${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty="${pkgs.coreutils}/bin/tty";
initCommands =
''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
options.nixfiles.common.nodm = {
enable = lib.mkOption {
type = lib.types.bool;
description = "Whether to automatically start a desktop session on TTY1, behaving like a rudimentary display manager.";
default =
osConfig
? systemd
default = osConfig ? systemd
&& config.nixfiles.meta.graphical
&& (!(
(osConfig.systemd.services.display-manager.enable or false)

70
home/common/shell.nix
View File

@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkOption mkEnableOption mkIf mkDefault;
cfg = config.nixfiles.common.shell;
common_functions = shell: ''
__nixfiles_alias_comma_frequent_commands () {
history | sed 's:^ \+[0-9]\+ \+::' | grep '^,' | cut -d' ' -f2- | sed 's:^\(-[^ ]\+ \?\)\+::g' | grep . | cut -d' ' -f1 | sort | uniq -c | sort -g
}
'';
in {
options.nixfiles.common.shell = {
enable =
lib.mkEnableOption ""
// {
description = "Whether to enable the nixfiles shell configuration.";
};
};
config = mkIf cfg.enable {
home.shellAliases = {
v = "nvim";
icat = "kitten icat";
srun = "systemd-run";
urun = "systemd-run --user";
# this lets me find commands that i run with comma very frequently so i
# can install them
comma-frequent = "__nixfiles_alias_comma_frequent_commands";
};
programs.fzf.enable = mkDefault true;
programs.fzf.enableZshIntegration = mkDefault true;
programs.fzf.enableBashIntegration = mkDefault true;
programs.bash = {
enable = mkDefault true;
# declare functions at start of bashrc
bashrcExtra = common_functions "bash";
initExtra = ''
export HOME_MANAGER_MANAGED=true;
[[ -e ~/dotfiles/shell/.bashrc ]] && . ~/dotfiles/shell/.bashrc ]]
unset HOME_MANAGERR_MANAGED
'';
};
programs.zsh = {
enable = mkDefault true;
initExtra =
''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
''
+ common_functions "zsh";
oh-my-zsh = {
enable = mkDefault true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
};
};
}

68
home/common/theme.nix
View File

@ -1,51 +1,35 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s:
with lib.strings;
with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s) - 1) s);
toCaps = s: with lib.strings; with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s)-1) s);
inherit (lib.strings) toUpper toLower;
mkCtp = flavor: accent:
with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override {
variant = toLower flavor;
accent = toLower accent;
};
icons = catppuccin-papirus-folders.override {
flavor = toLower flavor;
accent = toLower accent;
};
gtk = catppuccin-gtk.override {
variant = toLower flavor;
accents = [(toLower accent)];
};
mkCtp = flavor: accent: with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override { variant = toLower flavor; accent = toLower accent; };
icons = catppuccin-papirus-folders.override { flavor = toLower flavor; accent = toLower accent; };
gtk = catppuccin-gtk.override { variant = toLower flavor; accents = [ (toLower accent) ]; };
};
};
ctp = with cfg.catppuccin; mkCtp flavor accent;
in {
options.nixfiles.theming = {
options.nixfiles.theming = {
enable = lib.mkEnableOption "nixfiles theming options";
catppuccin = {
@ -70,11 +54,9 @@ in {
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = with pkgs;
[
ubuntu_font_family
]
++ lib.mapAttrsToList (k: v: v) ctp.packages;
home.packages = with pkgs; [
ubuntu_font_family
] ++ lib.mapAttrsToList (k: v: v) ctp.packages;
gtk = {
enable = true;

45
home/common/wm/default.nix
View File

@ -1,22 +1,17 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
...
}: let
{ pkgs, lib, config, osConfig ? {}, options, ...}:
let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
in
{
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
autostart = lib.mkOption {
description = "List of window manager agnostic commnads to run at window manager startup";
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam -silent"];
default = [ ];
example = [ "steam -silent" ];
};
};
@ -56,14 +51,8 @@ in {
nwg-displays
# very consistent (ok it's actually a little better now)
(catppuccin-papirus-folders.override {
accent = "mauve";
flavor = "mocha";
})
(pkgs.catppuccin-kvantum.override {
accent = "mauve";
variant = "mocha";
})
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "mauve"; variant = "mocha"; })
catppuccin-cursors.mochaMauve
arc-theme
@ -84,19 +73,19 @@ in {
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = ["firefox.desktop"];
in
mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
defaultBrowser = [ "firefox.desktop" ];
in mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {

14
home/common/wm/keybinds.nix
View File

@ -1,16 +1,12 @@
{
pkgs,
config,
lib,
outputs,
...
}: let
{ pkgs, config, lib, outputs, ... }:
let
df = lib.mkDefault;
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) value);
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) (value));
# not rewriting this rn
keysetting = "${outputs.packages.${pkgs.system}.wm-helpers}/bin/keysetting";
in {
in
{
options.nixfiles.common.wm = {
keybinds = lib.mkOption {
description = ''

22
home/default.nix
View File

@ -1,18 +1,10 @@
{
pkgs,
config,
lib,
options,
osConfig ? {},
nixpkgs,
home-manager,
inputs,
...
} @ args: let
{ pkgs, config, lib, options, osConfig ? { }, nixpkgs, home-manager, inputs, ... }@args:
let
isStandalone = osConfig ? home-manager;
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in {
in
{
imports = [
./common
./package-sets
@ -33,7 +25,7 @@ in {
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) {inherit pkgs;};
default = (import ../lib/nixfiles) { inherit pkgs; };
readOnly = true;
};
@ -61,13 +53,13 @@ in {
meta.graphical = lib.mkOption {
description = "Whether to enable graphical home-manager applications";
type = lib.types.bool;
default = osConfig ? services && osConfig.services.xserver.enable;
default = (osConfig ? services && osConfig.services.xserver.enable);
example = true;
};
meta.wayland = lib.mkOption {
description = "Whether to prefer wayland packages and configuration";
type = lib.types.bool;
default = (lib.hasAttrByPath ["nixfiles" "meta" "wayland"] osConfig) && osConfig.nixfiles.meta.wayland;
default = (lib.hasAttrByPath [ "nixfiles" "meta" "wayland" ] osConfig) && osConfig.nixfiles.meta.wayland;
example = true;
};

60
home/package-sets/communication.nix
View File

@ -1,12 +1,10 @@
{
pkgs,
lib,
config,
osConfig ? {},
inputs,
...
}: let
{ pkgs, lib, config, osConfig ? {}, inputs, ... }:
let
cfg = config.nixfiles.packageSets.communication;
rustdesk-pkg = if (lib.strings.hasInfix "23.11" lib.version) then
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else
pkgs.rustdesk-flutter;
vesktop-ozone-cmd = let
extraFlags = lib.optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
@ -19,21 +17,23 @@
done
exec "$@"
'';
in {
in
{
options.nixfiles.packageSets.communication = {
enable = lib.mkEnableOption "communication package set";
};
config = lib.mkIf cfg.enable {
xdg.desktopEntries.vesktop = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Network" "InstantMessaging" "Chat"];
exec = vesktop-ozone-cmd + " %U";
genericName = "Internet Messenger";
icon = "vesktop";
name = "Vesktop";
type = "Application";
categories= ["Network" "InstantMessaging" "Chat"];
exec=vesktop-ozone-cmd + " %U";
genericName="Internet Messenger";
icon="vesktop";
name="Vesktop";
type="Application";
settings = {
StartupWMClass = "Vesktop";
Keywords = "discord;vencord;electron;chat";
StartupWMClass="Vesktop";
Keywords="discord;vencord;electron;chat";
};
};
@ -41,19 +41,17 @@ in {
(waitNet + " " + vesktop-ozone-cmd + " --start-minimized")
];
home.packages = with pkgs;
lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-flutter
tor-browser
onionshare
]
++ [
irssi
];
home.packages = with pkgs; lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
] ++ [
irssi
];
};
}

3
home/package-sets/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./communication.nix
./dev.nix

12
home/package-sets/dev.nix
View File

@ -1,12 +1,8 @@
{
pkgs,
lib,
config,
osConfig ? {},
...
}: let
{ pkgs, lib, config, osConfig ? {}, ... }:
let
cfg = config.nixfiles.packageSets.dev;
in {
in
{
options.nixfiles.packageSets.dev = {
enable = lib.mkEnableOption "development package set";
};

38
home/package-sets/gaming.nix
View File

@ -1,35 +1,27 @@
{
config,
osConfig ? {},
lib,
pkgs,
...
}: let
{ config, osConfig ? { }, lib, pkgs, ... }:
let
cfg = config.nixfiles.packageSets.gaming;
default = osConfig.nixfiles.packageSets.gaming.enable or false;
in {
in
{
config = lib.mkIf cfg.enable {
nixpkgs.overlays = let
in
lib.mkAfter [];
in lib.mkAfter [ ];
nixfiles.common.wm.autostart = [
"steam -silent"
];
home.packages = with pkgs;
[
ludusavi
rclone # needed to sync ludusavi
protontricks
]
++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
lucem
];
home.packages = with pkgs; [
ludusavi
rclone # needed to sync ludusavi
protontricks
] ++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
];
};
options.nixfiles.packageSets.gaming = {
enable = lib.mkOption {

70
home/package-sets/multimedia.nix
View File

@ -1,15 +1,11 @@
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
{ config, lib, pkgs, osConfig ? { }, ...}:
let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf;
default = osConfig ? nixfiles && osConfig.nixfiles.packageSets.multimedia.enable;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
in
{
options.nixfiles.packageSets.multimedia = {
enable = lib.mkOption {
description = "Whether to enable multimedia packages";
@ -20,43 +16,41 @@ in {
};
config = mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
]
++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
] ++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
xdg.mimeApps.defaultApplications = lib.mkMerge [
# project files
(mkOverrideEach 100 {
"image/x-xcf" = ["gimp.desktop"];
"image/x-compressed-xcf" = ["gimp.desktop"];
"image/x-krita" = ["krita.desktop"];
"application/x-audacity-project" = ["audacity.desktop"];
"application/x-audacity-project+sqlite3" = ["audacity.desktop"];
"image/svg+xml" = ["org.inkscape.Inkscape.desktop"];
"image/svg+xml-compressed" = ["org.inkscape.Inkscape.desktop"];
"image/x-xcf" = [ "gimp.desktop" ];
"image/x-compressed-xcf" = [ "gimp.desktop" ];
"image/x-krita" = [ "krita.desktop" ];
"application/x-audacity-project" = [ "audacity.desktop" ];
"application/x-audacity-project+sqlite3" = [ "audacity.desktop" ];
"image/svg+xml" = [ "org.inkscape.Inkscape.desktop" ];
"image/svg+xml-compressed" = [ "org.inkscape.Inkscape.desktop" ];
})
# general files
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [nomacs mpv]))
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [ nomacs mpv ]))
# rest of the files
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [inkscape gimp audacity]))
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [ inkscape gimp audacity ]))
];
};
}

54
home/package-sets/productivity.nix
View File

@ -1,39 +1,33 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.nixfiles.packageSets.productivity;
inherit (lib) optionals;
in {
in
{
config = lib.mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
zen-browser-bin
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
# mapping/GIS
qgis
josm
]
++ [
pandoc
];
# mapping/GIS
qgis
josm
] ++ [
pandoc
];
xdg.desktopEntries.obsidian = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Office"];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = ["x-scheme-handler/obsidian"];
name = "Obsidian";
type = "Application";
categories = [ "Office" ];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = [ "x-scheme-handler/obsidian" ];
name = "Obsidian";
type = "Application";
};
};

211
home/profile/base.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
osConfig ? {},
...
}: let
{ lib, pkgs, config, osConfig ? { }, ... }:
let
cfg = config.nixfiles.profile.base;
in {
in
{
# imports = [
# ./comma.nix
# ];
@ -19,9 +15,7 @@ in {
config = lib.mkIf cfg.enable {
nixfiles.programs.comma.enable = true;
nixfiles.programs.neovim.enable = lib.mkDefault true;
nixfiles.common.nix.enable = true;
nixfiles.common.shell.enable = true;
home.sessionVariables = lib.mkMerge [
(lib.mkIf config.programs.neovim.enable {
@ -35,33 +29,47 @@ in {
"${config.home.profileDirectory}/share/terminfo"
"/usr/share/terminfo"
];
in
builtins.concatStringsSep ":" terminfo-dirs;
in builtins.concatStringsSep ":" terminfo-dirs;
})
];
programs.git = {
enable = lib.mkDefault true;
maintenance.enable = lib.mkDefault true;
# default value is stateVersion dependent, doesn't evaluate after 25.05
# even if signing isn't configured for some reason
signing.format = lib.mkDefault "openpgp";
};
# this allows `git config --global` commands to work by ensuring the
# presense of ~/.gitconfig. git will read from both files, and `git config`
# will not write to ~/.gitconfig when the managed config exists unless
# ~/.gitconfig also exists
home.activation.git-create-gitconfig =
lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter ["writeBoundary"] ''
_nixfiles_git_create_gitconfig () {
if ! [[ -a "$HOME/.gitconfig" ]] ; then
touch "$HOME/.gitconfig"
fi
}
run _nixfiles_git_create_gitconfig
'');
# TODO move this stuff to a shell.nix or something; this is just a quick
# fix so home.sessionVariables works
home.shellAliases = {
v = "nvim";
icat = "kitten icat";
};
programs.fzf.enable = lib.mkDefault true;
programs.fzf.enableZshIntegration = lib.mkDefault true;
programs.fzf.enableBashIntegration = lib.mkDefault true;
programs.bash = {
enable = lib.mkDefault true;
initExtra = ''
export HOME_MANAGER_MANAGED=true;
[[ -e ~/dotfiles/shell/.bashrc ]] && . ~/dotfiles/shell/.bashrc ]]
unset HOME_MANAGERR_MANAGED
'';
};
programs.zsh = {
enable = lib.mkDefault true;
initExtra = ''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
'';
oh-my-zsh = {
enable = lib.mkDefault true;
theme = "robbyrussell";
extraConfig = ''
DISABLE_MAGIC_FUNCTIONS="true"
'';
plugins = [
"git"
];
};
};
programs.btop.enable = lib.mkDefault true;
@ -70,18 +78,16 @@ in {
# defaultTerminal =
# if config.programs.kitty.enable then "kitty"
# else null;
in {
enable = lib.mkDefault true;
settings = lib.mkMerge [
{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
}
(lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})
];
settings = lib.mkMerge [{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
} (lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})];
};
programs.keychain = {
@ -91,8 +97,7 @@ in {
extraFlags = [
"--quiet"
"--systemd"
"--inherit"
"any-once"
"--inherit" "any-once"
"--noask"
];
};
@ -105,83 +110,65 @@ in {
# some packages defined here may be redundant with packages on a non-NixOS
# home-manager setup, but it's better to have a consistent environment at
# the cost of slightly more space
programs.neovim = {
enable = lib.mkDefault true;
vimAlias = lib.mkDefault true;
withPython3 = lib.mkDefault true;
defaultEditor = lib.mkDefault true;
};
home.packages = with pkgs; let
neofetch-hyfetch-shim = writeShellScriptBin "neofetch" ''
exec "${pkgs.hyfetch}/bin/neowofetch" "$@"
'';
in
[
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
in [
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
git
git-lfs
stow
curl
git
git-lfs
stow
curl
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
# for icat on all systems
kitty.kitten
# for icat on all systems
kitty.kitten
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
# files
restic
rclone
rmlint
ncdu
# pretty
hyfetch
neofetch-hyfetch-shim
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# files
restic
rclone
rmlint
ncdu
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
]
++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
# other utilities
tmux
mosh
btop
htop
zoxide
asciinema
];
};
}

3
home/profile/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./base.nix
./pc.nix

12
home/profile/pc.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
config,
osConfig ? {},
lib,
...
}: let
{ pkgs, config, osConfig ? {}, lib, ...}:
let
cfg = config.nixfiles.profile.pc;
default = osConfig ? nixfiles && osConfig.nixfiles.profile.pc.enable;
in {
in
{
options.nixfiles.profile.pc.enable = lib.mkOption {
description = "Whether to enable the personal computer profile";
type = lib.types.bool;

19
home/programs/comma.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
inputs,
...
} @ args: let
{ lib, pkgs, config, inputs, ... } @args:
let
cfg = config.nixfiles.programs.comma;
in {
in
{
imports = [
inputs.nix-index-database.hmModules.nix-index
];
@ -17,9 +13,8 @@ in {
config = {
programs.nix-index.symlinkToCacheHome = lib.mkDefault cfg.enable;
home.packages = with pkgs;
lib.optionals cfg.enable [
comma
];
home.packages = with pkgs; lib.optionals cfg.enable [
comma
];
};
}

4
home/programs/default.nix
View File

@ -1,9 +1,9 @@
{...}: {
{...}:
{
imports = [
./comma.nix
./mopidy.nix
./hypridle.nix
./dunst.nix
./neovim.nix
];
}

8
home/programs/dunst.nix
View File

@ -1,9 +1,5 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.programs.dunst;
mkd = lib.mkDefault;
in {

29
home/programs/hypridle.nix
View File

@ -1,25 +1,21 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
cfg = config.nixfiles.services.hypridle;
inherit (lib.types) str int;
in {
in
{
options.nixfiles.services.hypridle = {
enable = lib.mkEnableOption "the hypridle configuration";
timeouts = let
mkTimeout = timeout: desc:
lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
mkTimeout = timeout: desc: lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
in {
dpms = mkTimeout 300 "DPMS timeout";
lock = mkTimeout 360 "Lock timeout";
locked-dpms = mkTimeout 10 "DPMS timeout while locked";
dpms = mkTimeout (300) "DPMS timeout";
lock = mkTimeout (360) "Lock timeout";
locked-dpms = mkTimeout (10) "DPMS timeout while locked";
};
commands = {
dpms-off = lib.mkOption {
@ -61,6 +57,7 @@ in {
lock-dpms = pkgs.writeShellScript "lock-dpms" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null && "${dpms-wrapped}"
'';
in [
{
timeout = cfg.timeouts.dpms;

15
home/programs/mopidy.nix
View File

@ -1,13 +1,8 @@
{
lib,
pkgs,
config,
outputs,
osConfig ? {},
...
}: let
{ lib, pkgs, config, outputs, osConfig ? {}, ... }:
let
cfg = config.nixfiles.programs.mopidy;
in {
in
{
options.nixfiles.programs.mopidy = {
enable = lib.mkEnableOption "mopidy configuration";
};
@ -43,7 +38,7 @@ in {
];
};
home.packages = with pkgs; [
(ncmpcpp.override {visualizerSupport = true;})
(ncmpcpp.override { visualizerSupport = true; })
];
};
}

25
home/programs/neovim.nix
View File

@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixfiles.programs.neovim;
in {
options.nixfiles.programs.neovim.enable = lib.mkEnableOption "the Neovim configuration";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
vimAlias = lib.mkDefault true;
withPython3 = lib.mkDefault true;
defaultEditor = lib.mkDefault true;
extraPackages = with pkgs; [
lua-language-server
rust-analyzer
vscode-langservers-extracted
pyright
gcc
];
};
};
}

8
home/root.nix
View File

@ -1,12 +1,8 @@
# Configuration for root user.
# TODO this file is sorta an exception to my repo organization, it should
# probably be somewhere else.
{
config,
lib,
pkgs,
...
} @ args: {
{ config, lib, pkgs, ... }@args:
{
imports = [
./.
];

3
home/sessions/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./hyprland
./plasma.nix

235
home/sessions/hyprland/default.nix
View File

@ -1,12 +1,5 @@
{
lib,
pkgs,
config,
osConfig ? {},
outputs,
inputs,
...
} @ args: let
{ lib, pkgs, config, osConfig ? {}, outputs, inputs, ... }@args:
let
cfg = config.nixfiles.sessions.hyprland;
mkd = lib.mkDefault;
hyprland-pkg = config.wayland.windowManager.hyprland.finalPackage;
@ -19,7 +12,7 @@
rofi = "${pkgs.rofi-wayland}/bin/rofi";
notifydaemon = "${pkgs.dunst}/bin/dunst";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
polkit-agent = "${pkgs.kdePackages.polkit-kde-agent-1}/libexec/polkit-kde-authentication-agent-1";
polkit-agent = "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
grimblast = "${inputs.hyprwm-contrib.packages.${pkgs.system}.grimblast}/bin/grimblast";
swayidle = "${pkgs.swayidle}/bin/swayidle";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
@ -31,15 +24,13 @@
lock-cmd = "${swaylock}";
mkKittyHdrop = name: command: let
class =
if builtins.isNull (builtins.match "[[:alnum:]_]+" name)
then throw "mkKittyHdrop: window name should be an alphanumeric string"
else "kitty-${name}";
class = if builtins.isNull (builtins.match "[[:alnum:]_]+" name) then throw "mkKittyHdrop: window name should be an alphanumeric string" else "kitty-${name}";
wrappedCommand = pkgs.writeShellScript "hdrop-${name}" ''
exec bash -c ${lib.escapeShellArg command}
'';
in "hdrop -f -c ${class} 'kitty --class=${class} ${wrappedCommand}'";
# lock-cmd = let
# cmd = pkgs.writeShellScript "lock-script" ''
# ${swayidle} -w timeout 10 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' &
@ -57,7 +48,7 @@
resume 'hyprctl dispatch dpms on'
'';
hypr-dispatcher-package = pkgs.callPackage ./dispatcher {hyprland = hyprland-pkg;};
hypr-dispatcher-package = pkgs.callPackage ./dispatcher { hyprland = hyprland-pkg; };
hypr-dispatcher = "${hypr-dispatcher-package}/bin/hypr-dispatcher";
wallpaper-package = "${pkgs.nixfiles-assets}";
@ -65,8 +56,7 @@
wallpaper-cmd = "${swaybg} -i ${wallpaper-package}/share/wallpapers/${wallpaper}";
# https://github.com/flatpak/xdg-desktop-portal-gtk/issues/440#issuecomment-1900520919
xdpg-workaround =
pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
xdpg-workaround = pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
''
${pkgs.coreutils}/bin/sleep 3
${pkgs.systemd}/bin/systemctl --user import-environment PATH
@ -75,20 +65,19 @@
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x + 1) (9 ++ [0]);
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
workspaceName = key: let
inherit (builtins) hasAttr;
keyNames = {
"0" = "10";
};
in
if hasAttr key keyNames
then keyNames."${key}"
else key;
if hasAttr key keyNames then keyNames."${key}" else key;
inherit (outputs.packages.${pkgs.system}) wm-helpers;
keysetting = "${wm-helpers}/bin/keysetting";
in {
in
{
# FIXME this is temporary just to get it working, need to make wm-common an
# option first
# imports = [
@ -99,10 +88,7 @@ in {
enable = lib.mkOption {
description = "Whether to enable hyprland.";
type = lib.types.bool;
default =
if (builtins.hasAttr "home-manager" osConfig)
then osConfig.nixfiles.sessions.hyprland.enable
else false;
default = if (builtins.hasAttr "home-manager" osConfig) then osConfig.nixfiles.sessions.hyprland.enable else false;
example = true;
};
@ -126,7 +112,7 @@ in {
nixfiles.common.wm.enable = true;
home.packages = with pkgs; [
kitty
kdePackages.dolphin
dolphin
rofi-wayland
wev
dunst
@ -147,6 +133,7 @@ in {
enable = true;
package = lib.mkIf (osConfig ? programs) (lib.mkDefault osConfig.programs.hyprland.package);
settings = {
# enable debug logging
debug.disable_logs = mkd false;
@ -163,17 +150,15 @@ in {
exec-once = let
wrapScope = cmd: "systemd-run --user --scope -- ${cmd}";
in
(lib.optional cfg.autolock lock-cmd)
++ (map wrapScope config.nixfiles.common.wm.autostart)
++ [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
in (lib.optional cfg.autolock lock-cmd) ++ (map wrapScope config.nixfiles.common.wm.autostart) ++
[
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
@ -181,13 +166,14 @@ in {
# Some default env vars.
# env = mkd "XCURSOR_SIZE,24";
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input = {
kb_layout = mkd "us";
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
kb_options = [
"compose:ralt"
];
@ -254,18 +240,18 @@ in {
};
master = {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
};
gestures = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
};
misc = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
};
"$mod" = mkd "SUPER";
@ -277,98 +263,95 @@ in {
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind =
[
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
bind = [
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
]
++ lib.optional config.nixfiles.programs.mopidy.enable
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
] ++ lib.optional config.nixfiles.programs.mopidy.enable
"$mod CTRL, n, exec, ${mkKittyHdrop "ncmpcpp" "ncmpcpp"}";
# repeat, ignore mods
bindei =
lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindei = lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging

29
home/sessions/hyprland/dispatcher/default.nix
View File

@ -1,20 +1,19 @@
{
lib,
{ lib,
stdenvNoCC,
socat,
coreutils,
hyprland,
makeShellWrapper,
}: let
wrappedPath = lib.makeBinPath [coreutils socat hyprland];
makeShellWrapper }:
let
wrappedPath = lib.makeBinPath [ coreutils socat hyprland ];
in
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = ["installPhase"];
nativeBuildInputs = [makeShellWrapper];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeShellWrapper ];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}

20
home/sessions/plasma.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
config,
lib,
osConfig ? {},
...
}: let
{ pkgs, config, lib, osConfig ? {}, ... }:
let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in {
in
{
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
@ -17,12 +13,12 @@ in {
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript =
pkgs.writeShellScript "autostart-script"
startupScript = pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
@ -34,6 +30,6 @@ in {
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [autostartPkg];
in [ autostartPkg ];
};
}

7
home/standalone.nix
View File

@ -1,12 +1,7 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{ inputs, pkgs, config, lib, ... }:
{
inputs,
pkgs,
config,
lib,
...
}: {
imports = [
./.
inputs.stylix.homeManagerModules.stylix

10
home/stylix.nix
View File

@ -1,18 +1,12 @@
{ pkgs, lib, config, inputs, ... }@args:
{
pkgs,
lib,
config,
inputs,
...
} @ args: {
imports = [];
imports = [ ];
config = {
stylix = lib.mkMerge [
{
targets.vim.enable = lib.mkDefault false;
targets.neovim.enable = lib.mkDefault false;
targets.gtk.enable = lib.mkDefault false;
targets.qt.enable = lib.mkDefault false;
targets.fzf.enable = lib.mkDefault false;
# the ring is styled light so it's light on light which looks worse than the default theme
targets.swaylock.enable = lib.mkDefault false;

18
hosts/nixos-wsl/configuration.nix
View File

@ -1,10 +1,8 @@
{ pkgs, config, lib, vars, ... }:
{
pkgs,
config,
lib,
vars,
...
}: {
imports = [
./tmpfiles-workaround.nix
];
config = {
networking.hostName = "nixos-wsl";
@ -31,7 +29,7 @@
RemainAfterExit = true;
};
description = "WSL startup workaround";
wantedBy = ["default.target"];
wantedBy = [ "default.target" ];
};
};
@ -47,12 +45,10 @@
noto-fonts-cjk-sans
];
fileSystems."/mnt/wsl/instances/NixOS" = {
device = "/";
options = ["bind"];
options = [ "bind" ];
};
# standard disclaimer don't change this for any reason whatsoever
system.stateVersion = "23.11";
};
}

9
hosts/nixos-wsl/home.nix
View File

@ -1,12 +1,7 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
{
pkgs,
lib,
config,
osConfig ? {},
...
}: {
config = {
nixfiles = {
nixfiles = {
profile.base.enable = true;
packageSets.dev.enable = true;
packageSets.multimedia.enable = true;

11
hosts/nixos-wsl/tmpfiles-workaround.nix Normal file
View File

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
config.systemd.tmpfiles.packages = let
package = pkgs.runCommand "no-systemd-tmpfiles-nocow" {} ''
mkdir -p "$out/lib/tmpfiles.d"
cd "$out/lib/tmpfiles.d"
ln -s /dev/null journal-nocow.conf
'';
in lib.mkAfter [ package ];
}

18
hosts/nullbox/backup.nix
View File

@ -1,22 +1,20 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in {
in
{
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [btrfs-progs];
path = with pkgs; [ btrfs-progs ];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
@ -39,7 +37,6 @@ in {
];
paths = [
"/srv/mcserver/@restic"
"/persist/backup"
];
dynamicFilesFrom = ''
echo
@ -49,6 +46,7 @@ in {
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

56
hosts/nullbox/configuration.nix
View File

@ -1,51 +1,54 @@
# vim: set ts=2 sw=2 et:
# vim: set ts=2 sw=2 et:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./impermanence.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./backup.nix
];
./impermanence.nix
./backup.nix
];
config = {
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/6AC23F0FC23EDF4F";
options = ["auto_cache" "nofail"];
options = [ "auto_cache" "nofail" ];
};
"/.btrfsroot" = {
options = ["subvol=/"];
options = [ "subvol=/" ];
};
}
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
# hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.production;
hardware.nvidia.open = lib.mkForce false;
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
system.nixos.tags = [ "Hyprland" ];
nixfiles = {
session = "hyprland";
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
@ -62,7 +65,7 @@
workarounds.nvidiaPrimary = true;
programs.greetd = {
settings = {
randr = ["--output" "HDMI-A-3" "--off"];
randr = [ "--output" "HDMI-A-3" "--off" ];
autologin = false;
autologinUser = "nullbite";
autolock = false;
@ -106,7 +109,8 @@
};
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
networking.wg-quick.interfaces.wg0 = {
configFile = "/etc/wireguard/wg0.conf";
@ -118,6 +122,7 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "nullbox";
# Pick only one of the below networking options.
@ -125,7 +130,8 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
time.timeZone = "America/New_York";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
@ -140,4 +146,6 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

114
hosts/nullbox/hardware-configuration.nix
View File

@ -1,77 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@root"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver-old" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver-old/.snapshots" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver-old/.snapshots" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver/.snapshots" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver/.snapshots" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
hosts/nullbox/home.nix
View File

@ -1,9 +1,5 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}: {
imports = [
];

62
hosts/nullbox/impermanence.nix
View File

@ -1,16 +1,11 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
inherit (lib) escapeShellArg;
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = {
volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume,
}: ''
mkBtrfsInit = { volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume }:
''
mkdir -p /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/
@ -39,7 +34,7 @@ in {
neededForBoot = true;
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/@persist"];
options = [ "subvol=/nixos/@persist" ];
};
# TODO volatile btrfs module
@ -52,12 +47,8 @@ in {
fileSystems."/" = lib.mkForce {
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/volatile"];
options = [ "subvol=/nixos/volatile" ];
};
# agenix fix
fileSystems."/etc/ssh".neededForBoot = true;
environment.persistence = {
"/persist/nobackup" = {
hideMounts = true;
@ -79,24 +70,15 @@ in {
# probably NEVER be excluded removed.
"/var/lib/nixos/"
# password files for user.user.<name>.hashedPasswordFile
{
directory = "/etc/passfile";
mode = "0700";
}
{ directory = "/etc/passfile"; mode = "0700"; }
# persistent non-declarative config
"/etc/nixos"
"/etc/ssh"
{
directory = "/etc/wireguard";
mode = "0700";
}
{ directory = "/etc/wireguard"; mode = "0700"; }
# let's keep the root home dir as well
{
directory = "/root";
mode = "0700";
}
{ directory = "/root"; mode = "0700"; }
# system state
"/etc/NetworkManager/system-connections"
@ -107,29 +89,13 @@ in {
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{
directory = "/var/lib/tailscale";
mode = "0700";
}
{ directory = "/var/lib/tailscale"; mode = "0700"; }
"/var/lib/unbound"
"/var/db/sudo/lectured"
# remember login stuff
{
directory = "/var/cache/tuigreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/cache/regreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/lib/regreet";
user = "greeter";
group = "greeter";
}
{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/cache/regreet"; user = "greeter"; group = "greeter"; }
];
files = [

13
hosts/nullbox/luks.nix
View File

@ -1,11 +1,8 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in {
in
{
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
@ -19,7 +16,7 @@ in {
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device = "/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;

43
hosts/nullbox/mcserver.nix
View File

@ -1,21 +1,18 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.services.minecraft-servers;
in {
in
{
config = {
fileSystems = {
"/srv/mcserver".options = ["compress=zstd" "nofail"];
"/srv/mcserver/.snapshots".options = ["compress=zstd" "nofail"];
"/srv/mcserver".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver/.snapshots".options = [ "compress=zstd" "nofail" ];
};
networking.firewall.trustedInterfaces = ["wg0"];
networking.firewall.trustedInterfaces = [ "wg0" ];
users = {
users = {
nullbite.extraGroups = ["minecraft"];
nullbite.extraGroups = [ "minecraft" ];
};
};
@ -48,19 +45,18 @@ in {
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in
pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = ["mods"];
modpackFiles = ["config/"];
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" ];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
@ -69,8 +65,8 @@ in {
enable = true;
autoStart = true;
modpack = pkgs.modpacks.notlite;
modpackSymlinks = ["config/yosbr" "config/quilt-loader-overrides.json" "mods"];
modpackFiles = ["kubejs/"];
modpackSymlinks = [ "config/yosbr" "config/quilt-loader-overrides.json" "mods" ];
modpackFiles = [ "kubejs/" ];
serverProperties = {
motd = "owo what's this (nix notlite edition)";
server-port = 25567;
@ -80,10 +76,11 @@ in {
level-seed = "8555431723250870652";
level-type = "bclib:normal";
};
};
minecraft-nixtest = let
self = cfg.servers.minecraft-nixtest;
package = pkgs.quiltServers.quilt-1_20_1.override {loaderVersion = "0.21.0";};
package = pkgs.quiltServers.quilt-1_20_1.override { loaderVersion = "0.21.0"; };
in {
useRecommendedDefaults = true;
enable = false;
@ -95,8 +92,8 @@ in {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
};
modpackSymlinks = ["mods"];
modpackFiles = ["config/" "kubejs/"];
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" "kubejs/" ];
serverProperties = rec {
motd = "owo what's this (nix edition)";
server-port = 25568;

6
hosts/nullbox/unbound.nix
View File

@ -1,9 +1,5 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
config = {
networking.networkmanager.dns = "none";
services.unbound.enable = true;

398
hosts/rpi4/authelia.nix
View File

@ -3,10 +3,10 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib) types mkIf optionalString;
inherit
(builtins)
inherit (builtins)
isNull
any
all
@ -20,18 +20,22 @@
"regular"
"basic"
];
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
getUpstreamFromInstance =
instance:
let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
targetHost =
if host == "0.0.0.0"
then "127.0.0.1"
else if lib.hasInfix ":" host
then throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else host;
in "http://${targetHost}:${toString port}";
targetHost =
if host == "0.0.0.0" then
"127.0.0.1"
else if lib.hasInfix ":" host then
throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else
host;
in
"http://${targetHost}:${toString port}";
# use this when reverse proxying to authelia (and only authelia because i
# like the nixos recommended proxy settings better)
@ -112,204 +116,212 @@
proxy_set_header X-Forwarded-URI $request_uri;
'';
genAuthConfig = method: let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
genAuthConfig =
method:
let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
in
''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
in ''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
genAuthConfigPkg = method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in {
genAuthConfigPkg =
method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in
{
# authelia
options.services.nginx = let
mkAttrsOfSubmoduleOpt = module: lib.mkOption {type = with types; attrsOf (submodule module);};
options.services.nginx =
let
mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); };
# make system config accessible from submodules
systemConfig = config;
# make system config accessible from submodules
systemConfig = config;
# submodule definitions
vhostModule = {
name,
config,
...
} @ attrs: {
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
# submodule definitions
vhostModule =
{ name, config, ... }@attrs:
{
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
example = "basic";
};
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations =
let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
upstream = lib.mkOption {
};
genLocationModule =
vhostAttrs:
{ name, config, ... }:
let
vhostConfig = vhostAttrs.config;
in
{
options.authelia.method = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations = let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
in
{
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
genLocationModule = vhostAttrs: {
name,
config,
...
}: let
vhostConfig = vhostAttrs.config;
in {
options.authelia.method = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
# TODO check if any vhosts have authelia configured
config = let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
config =
let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
mkIf true {
assertions = [
{

17
hosts/rpi4/backup.nix
View File

@ -1,13 +1,10 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secret = name: config.age.secrets."${name}".path;
in {
in
{
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
services.restic.backups.system = {
rcloneConfigFile = secret "restic-rclone";
@ -17,7 +14,6 @@ in {
".snapshots"
"gdlmirror"
"gitea-dump-*"
"/var/lib/thelounge/storage"
];
paths = [
"/srv"
@ -28,8 +24,6 @@ in {
"/var/lib/gitea"
"/var/lib/tailscale"
"/var/lib/private/anki-sync-server"
"/var/lib/thelounge"
"/var/lib/paperless"
"/etc"
];
dynamicFilesFrom = ''
@ -41,6 +35,7 @@ in {
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

47
hosts/rpi4/configuration.nix
View File

@ -1,21 +1,17 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
./media-sync.nix
./backup.nix
];
./backup.nix
];
fileSystems = let
mounts = [
@ -26,9 +22,8 @@
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = x: {options = ["compress=zstd" "commit=300" "noatime"];};
in
lib.genAttrs mounts fn;
fn = (x: { options = [ "compress=zstd" "commit=300" "noatime" ];});
in lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
@ -38,7 +33,8 @@
configurationLimit = 5;
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
nixfiles = {
profile.server.enable = true;
@ -67,7 +63,7 @@
"wg0"
"tailscale0"
];
networking.firewall.allowedUDPPorts = [51820];
networking.firewall.allowedUDPPorts = [ 51820 ];
services.openssh = {
enable = true;
@ -97,6 +93,9 @@
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -124,11 +123,11 @@
# tree
# ];
# };
users.users.nullbite = {
isNormalUser = true;
extraGroups = ["wheel"];
uid = 1000;
};
users.users.nullbite = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -182,4 +181,6 @@
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

51
hosts/rpi4/gitea.nix
View File

@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.services.gitea;
in {
in
{
config = {
services.gitea = {
enable = true;
@ -35,37 +32,19 @@ in {
DEFAULT_THEME = "catppuccin-mocha-pink";
THEMES = let
ctpAttrs = {
flavor = ["latte" "frappe" "macchiato" "mocha"];
accent = [
"rosewater"
"flamingo"
"pink"
"mauve"
"red"
"maroon"
"peach"
"yellow"
"green"
"teal"
"sky"
"sapphire"
"blue"
];
flavor = [ "latte" "frappe" "macchiato" "mocha" ];
accent = [ "rosewater" "flamingo" "pink" "mauve"
"red" "maroon" "peach" "yellow" "green" "teal"
"sky" "sapphire" "blue" ];
};
ctpThemes =
lib.mapCartesianProduct
({
flavor,
accent,
}: "catppuccin-${flavor}-${accent}")
ctpThemes = lib.mapCartesianProduct
( { flavor, accent }: "catppuccin-${flavor}-${accent}" )
ctpAttrs;
in
lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
]
++ ctpThemes);
in lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
] ++ ctpThemes);
};
};
};

118
hosts/rpi4/hardware-configuration.nix
View File

@ -1,78 +1,75 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/"];
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/srv/syncthing" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@syncthing"];
};
fileSystems."/srv/syncthing" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@syncthing" ];
};
fileSystems."/srv/media" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@media"];
};
fileSystems."/srv/media" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@media" ];
};
fileSystems."/opt/hassio" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@hassio"];
};
fileSystems."/opt/hassio" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@hassio" ];
};
fileSystems."/opt/hassio/.snapshots" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/snapshots/@hassio"];
};
fileSystems."/opt/hassio/.snapshots" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/snapshots/@hassio" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -84,3 +81,4 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/rpi4/home.nix
View File

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
config = {
nixfiles.profile.base.enable = true;
programs.keychain.enable = false;

47
hosts/rpi4/media-sync.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
in {
config = {
nixfiles.programs.syncthing.enable = true;
systemd.timers.gallery-dl = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "13";
RandomizedDelaySec = "4m";
};
};
systemd.services.gallery-dl = {
path = with pkgs; [bash coreutils findutils gallery-dl];
serviceConfig = {
# none of your fucking business
# TODO move this into an agenix secret probably
ExecStart = "/srv/gallery-dl.sh";
Type = "oneshot";
User = "nullbite";
};
};
systemd.timers.gallery-dl-dedup = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "3h";
};
};
systemd.services.gallery-dl-dedup = {
path = with pkgs; [bash coreutils rmlint];
serviceConfig = {
# likewise
ExecStart = "/srv/gallery-dl-dedup.sh";
Type = "oneshot";
User = "nullbite";
};
};
};
}

8
hosts/rpi4/reddit-subscriptions.txt
View File

@ -4,6 +4,7 @@ AreTheStraightsOK
autism
beatsaber
Bitwarden
boykisser
btd6
ConservativeRap
crackheadcraigslist
@ -19,22 +20,17 @@ femboymemes
feminineboys
flatpak
geometrydash
gocommitdie
homeassistant
ihaveihaveihavereddit
LinkedInLunatics
linux
linux_gaming
losercity
MINDWAVEgame
NixOS
NonBinaryTalk
okbuddyhetero
peepeeshart
pressureroblox
prismlauncher
programmingcirclejerk
regretevator
rust
rustjerk
selfhosted
@ -42,9 +38,9 @@ Shark_Park
steam
SteamDeck
talesfromtechsupport
techsupport
termux
theamazingdigitalciru
Ultrakill
unicodecirclejerk
VaushV
whenthe

564
hosts/rpi4/services.nix
View File

@ -1,17 +1,11 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit (config.age) secrets;
inherit (builtins) toString;
in {
imports = [
./gitea.nix
./authelia.nix
];
config = {
age.secrets.cloudflaredns = {
file = ../../secrets/cloudflare-dns.age;
group = "secrets";
@ -56,16 +50,8 @@ in {
file = ../../secrets/anki-user.age;
};
age.secrets.homepage = {
file = ../../secrets/homepage.age;
};
age.secrets.paperless-admin = {
file = ../../secrets/paperless-admin.age;
};
users.groups.secrets = {};
users.users.acme.extraGroups = ["secrets"];
users.users.acme.extraGroups = [ "secrets" ];
security.acme = {
acceptTerms = true;
@ -99,59 +85,57 @@ in {
};
};
users.users.nginx.extraGroups = ["acme"];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
80 443
# this is needed for node to work for some reason
8123
];
users.groups.authelia-shared = {};
services.authelia.instances =
lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
users.groups.authelia-shared = { };
services.authelia.instances = lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
};
services.redis = {
servers.authelia = {
@ -161,7 +145,7 @@ in {
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [name];
in [ name ];
services.nginx = {
enable = true;
@ -175,30 +159,24 @@ in {
virtualHosts = let
useACMEHost = "protogen.io";
mkProxy = args @ {
upstream ? "http://127.0.0.1:${builtins.toString args.port}",
auth ? false,
authelia ? false,
extraConfig ? {},
...
}:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, authelia ? false, extraConfig ? {}, ... }:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
@ -209,273 +187,136 @@ in {
# };
# };
mkAuthProxy = port:
mkProxy {
inherit port;
authelia = true;
mkAuthProxy = port: mkProxy { inherit port; authelia = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in (lib.mapAttrs (domain: instance: { forceSSL = true; inherit useACMEHost; authelia.endpoint = { inherit instance; };}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
}) // {
"changedetection.protogen.io" = mkReverseProxy 5000;
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
"gitea.protogen.io" = mkReverseProxy 3000;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}];
mkReverseProxy = port: mkProxy {inherit port;};
in
(lib.mapAttrs (domain: instance: {
forceSSL = true;
inherit useACMEHost;
authelia.endpoint = {inherit instance;};
}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
})
// {
"changedetection.protogen.io" = mkReverseProxy 5000;
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in mkProxy { authelia = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};};
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
# URL shortener
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
"admin.nbt.sh" = mkProxy { authelia = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
"gitea.protogen.io" = mkReverseProxy 3000;
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [
(mkProxy {
authelia = true;
upstream = "http://10.10.1.8:80";
})
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}
];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in
mkProxy {
authelia = true;
inherit port;
extraConfig = {
locations = lib.genAttrs ["/favicon.ico" "/autocompleter" "/opensearch.xml"] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};
};
# URL shortener
"nbt.sh" = mkProxy {
port = 8090;
extraConfig.serverAliases = ["proot.link"];
};
"admin.nbt.sh" = mkProxy {
authelia = true;
port = 8091;
extraConfig.serverAliases = ["admin.proot.link"];
};
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = ["x.protogen.io"];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = ["www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz"];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = [ "x.protogen.io" ];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz" ];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
# https://gethomepage.dev
services.homepage-dashboard = let
entry = name: value: {"${name}" = value;};
makeBookmark = name: {...} @ attrs: entry name [attrs];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({inherit abbr href;} // lib.optionalAttrs (icon != null) {inherit icon;});
in {
enable = true;
listenPort = 8089;
environmentFile = secrets.homepage.path;
# bookmarks customCSS customJS docker environmentFile kubernetes services settings widgets
settings = {
theme = "dark";
color = "slate";
};
widgets = [
(entry "resources" {
cpu = true;
memory = true;
disk = "/";
})
(entry "search" {
provider = "custom";
target = "_self";
url = "https://searx.protogen.io/search?q=";
suggestionUrl = "https://searx.protogen.io/autocompleter?q=";
showSearchSuggestions = true;
})
];
services = let
service = name: subdomain: icon: {...} @ attrs:
entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
}
// attrs);
basicService = name: subdomain: icon: service name subdomain icon {};
in [
(entry "unsorted" [
(basicService "Firefly III" "firefly" "firefly-iii")
(basicService "Gitea" "gitea" "gitea")
(basicService "Home Assistant" "hass" "home-assistant")
(basicService "Node-RED" "node" "node-red")
(basicService "Zigbee2MQTT" "z2m" "zigbee2mqtt")
(basicService "Code Server (Home Assistant)" "vsc-hass" "vscode")
(basicService "Deemix" "deemix" "deemix")
(basicService "Miniflux" "rss" "miniflux")
(basicService "mlmym" "blahaj" "lemmy-light")
(basicService "Octoprint" "print" "octoprint")
(basicService "SearXNG" "searx" "searxng")
(basicService "TheLounge" "lounge" "thelounge")
(basicService "Paperless" "paper" "paperless-ngx")
(entry "Shlink" {
href = "https://admin.nbt.sh";
icon = "shlink";
})
(basicService "Create Track Map" "trackmap" "")
((x:
service x x x {
widget = {
};
}) "changedetection")
(service "Uptime Kuma" "uptime" "uptime-kuma" {
widget = {
type = "uptimekuma";
url = "https://uptime.protogen.io";
slug = "all";
};
})
(service "Jellyfin" "room" "jellyfin" {
widget = {
type = "jellyfin";
url = "https://room.protogen.io";
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableBlocks = true;
enableNowPlaying = true;
enableUser = true;
};
})
])
];
bookmarks = [
(entry "Admin" [
(makeBookmark' "Backblaze" "backblaze" "BZ" "https://secure.backblaze.com/user_signin.htm")
(makeBookmark' "Cloudflare" "cloudflare" "CF" "https://dash.cloudflare.com")
(makeBookmark' "Porkbun" "porkbun" "PB" "https://porkbun.com/account/domainsSpeedy")
(makeBookmark' "Namecheap" "namechea" "NC" "https://ap.www.namecheap.com/")
])
(entry "Developer" [
(makeBookmark' "GitHub" "github" "GH" "https://github.com")
])
(entry "Local" [
(makeBookmark' "Syncthing" "syncthing" "ST" "http://127.0.0.1:8384")
(makeBookmark' "Iris" null "IR" "http://localhost:6680/iris/")
])
(entry "Entertainment" [
(makeBookmark' "Redlib" "redlib" "RL" "https://redlib.protogen.io")
])
];
};
virtualisation.docker = {
@ -484,7 +325,7 @@ in {
};
# needed for mDNS in Home Assistant
networking.firewall.allowedUDPPorts = [5353];
networking.firewall.allowedUDPPorts = [ 5353 ];
systemd.services.redlib.environment = {
REDLIB_DEFAULT_SUBSCRIPTIONS = lib.pipe ./reddit-subscriptions.txt [
@ -507,41 +348,6 @@ in {
port = 8087;
};
services.thelounge = {
enable = true;
extraConfig = {
prefetch = true;
prefetchStorage = true;
prefetchMaxImageSize = 8192;
};
};
services.redis.servers.paperless.enable = true;
services.paperless = {
enable = true;
# default is "localhost", binding should not rely on DNS (even if
# localhost is hard-coded 99.999% of the time)
address = "127.0.0.1";
passwordFile = secrets.paperless-admin.path;
settings = {
PAPERLESS_ADMIN_USER = "nullbite";
PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}";
PAPERLESS_URL = "https://paper.protogen.io";
PAPERLESS_TIKA_ENABLED = true;
PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${toString config.services.gotenberg.port}";
};
};
users.users."${config.services.paperless.user}".extraGroups = let
name = config.services.redis.servers.paperless.group;
in [name];
services.gotenberg = {
enable = true;
port = 3002;
};
services.tika.enable = true;
services.anki-sync-server = {
enable = true;
address = "127.0.0.1";

611
hosts/slab/configuration.nix
View File

@ -1,319 +1,316 @@
# vim: set ts=2 sw=2 et foldmethod=marker:
# vim: set ts=2 sw=2 et foldmethod=marker:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
vars,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
{ config, lib, pkgs, vars, ... }:
{
# nix.settings.experimental-features = ["nix-command" "flakes" ];
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = [ "subvol=/" ];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = { device = "/boot/EFI/Linux"; options = [ "bind" ]; };
"/efi/EFI/nixos" = { device = "/boot/EFI/nixos"; options = [ "bind" ]; };
})
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
config = {
# nix.settings.experimental-features = ["nix-command" "flakes" ];
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = ["subvol=/"];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = {
device = "/boot/EFI/Linux";
options = ["bind"];
};
"/efi/EFI/nixos" = {
device = "/boot/EFI/nixos";
options = ["bind"];
};
})
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
}))
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
nixfiles.session = "hyprland";
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
settings = {
autologin = true;
autologinUser = "nullbite";
};
};
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = ["quiet"];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device = "/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/efi";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
};
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable ["tcp://pixel.magpie-moth.ts.net:6000"];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = {
lidSwitch = "lock";
suspendKey = "hibernate";
};
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
nixfiles.session = "hyprland";
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
settings = {
autologin = true;
autologinUser = "nullbite";
};
};
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = [ "quiet" ];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
};
};
# bootloader setup
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/efi";
};
# grub = {
# enable = true;
# efiSupport = true;
# device = "nodev";
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
};
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable [ "tcp://pixel.magpie-moth.ts.net:6000" ];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
unitConfig.DefaultDependencies = "no";
});
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = {
lidSwitch = "lock";
suspendKey = "hibernate";
};
services.xserver.videoDrivers = ["amdgpu"];
# {{{ old config
# Use the systemd-boot EFI boot loader.
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;
# {{{ old config
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# users.users.nullbite = {
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# packages = with pkgs; [
# firefox
# keychain
# ];
# initialPassword = "changeme";
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
# keybindings = true;
# fuzzyCompletion = true;
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# curl
# git
# stow
# zsh
# ntfs3g
# fd
# ripgrep
# sbctl
# comma
# ];
# Allow unfree packages
# nixpkgs.config.allowUnfree = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.openssh = {
# enable = true;
# openFirewall = true;
# settings = {
# };
# };
# services.tailscale.enable = true;
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

86
hosts/slab/hardware-configuration.nix
View File

@ -1,59 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a";}
];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

13
hosts/slab/home.nix
View File

@ -1,10 +1,5 @@
{ lib, pkgs, osConfig, config, ... }:
{
lib,
pkgs,
osConfig,
config,
...
}: {
imports = [
../../home
];
@ -14,7 +9,7 @@
profile.base.enable = true;
common.wm.keybinds = {
Launch1 = "playerctl play-pause"; # ROG key
Launch1="playerctl play-pause"; # ROG key
# Launch3="true"; # AURA fn key
# Launch4="true"; # fan control fn key
};
@ -22,8 +17,8 @@
home.stateVersion = "23.11";
# TODO mkif stylix.enable; danth/stylix#216
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) {size = 32;};
stylix.cursor = lib.mkIf config.stylix.enable {size = 32;};
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) { size = 32; };
stylix.cursor = { size = 32; };
nixfiles.theming.catppuccin.themeDPI = "hdpi";

19
hosts/slab/nvidia-optimus.nix
View File

@ -1,13 +1,11 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.supergfxd.enable = true;
specialisation = {
nvidia.configuration = {
system.nixos.tags = ["NVIDIA"];
system.nixos.tags = [ "NVIDIA" ];
nixfiles.supergfxd.profile = "Hybrid";
@ -17,9 +15,9 @@
hardware.nvidia = {
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
@ -32,8 +30,7 @@
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in
version;
in version;
prime = {
offload = {

14
hosts/slab/supergfxd.nix
View File

@ -1,10 +1,5 @@
{
pkgs,
lib,
config,
options,
...
} @ args: let
{ pkgs, lib, config, options, ... }@args:
let
gfx = {
Integrated = {
supergfxd = pkgs.writeText "supergfxd-integrated" ''
@ -74,8 +69,7 @@
isKeyInAttrset = let
getKeys = attrset: lib.mapAttrsToList (name: _: name) attrset;
isInList = key: list: lib.any (x: x == key) list;
in
key: attrset: isInList key (getKeys attrset);
in key: attrset: isInList key (getKeys attrset);
inherit (lib) mkIf mkOption types;
in {
@ -89,7 +83,7 @@ in {
};
config = {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
# TODO actually configure the system settings here
"supergfxd.conf" = {
source = gfx.${cfg.profile}.supergfxd;

35
lib/nixfiles/default.nix
View File

@ -1,31 +1,8 @@
{...} @ attrs: let
# compatibility with old loading system (this looks awful fix this when i
# fully migrate to flake-parts). this constructs an attrset that resembles
# what the old args used to look like in attrs', so i don't have to rewrite
# all of the glue. it creates a fake pkgs value containing only `lib`.
#
# actually no idk if i can fix this because it needs to be accessible from
# everything (flake, nixos/home-manager modules, maybe derivations). this
# might be the best way to do this so i can pass in either pkgs or lib based
# on the current context, and just return relevant libraries based on that
# input.
#
# create empty `pkgs` with lib only `lib` attr as fallback
pkgs = attrs.pkgs or {inherit (attrs) lib;};
# inherit lib from whatever `pkgs` happens to be
{ pkgs, ... }:
let
inherit (pkgs) lib;
# compat
attrs' = attrs // {inherit pkgs;};
in
{
types = (import ./types.nix) attrs';
}
# only if an actual `pkgs` was passed
// lib.optionalAttrs (attrs ? pkgs) {
minecraft = (import ./minecraft.nix) attrs';
}
# modules that rely on `self` (flake)
// lib.optionalAttrs (attrs ? self) {
flake-legacy = (import ./flake-legacy.nix) attrs';
}
{
types = (import ./types.nix) { inherit pkgs; };
minecraft = (import ./minecraft.nix) { inherit pkgs; };
}

259
lib/nixfiles/flake-legacy.nix
View File

@ -1,259 +0,0 @@
{
self,
lib,
moduleAttrs,
...
}: let
inherit (moduleAttrs.config.nixfiles.common) overlays;
### Configuration
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
inherit username mobileTimeZone self;
};
# funciton to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
# values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = {
};
inherit (self) inputs outputs;
inherit (inputs) nixpkgs nixpkgs-unstable home-manager home-manager-unstable;
in rec {
# This function produces a module that adds the home-manager module to the
# system and configures the given module to the user's Home Manager
# configuration
homeManagerInit = let
_username = username;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs, # this is so modules can know which flake the system is using
home-manager ? inputs.home-manager,
username ? _username,
module ? _: {},
rootModule ? (import (self + "/home/root.nix")),
userModules ? {
${username} = [module];
root = [rootModule];
},
stateVersion ? null,
}: {
config,
lib,
pkgs,
...
}: let
mapUserModules = lib.attrsets.mapAttrs (user: modules: {lib, ...}: {
imports =
[
(self + "/home")
]
++ modules;
config = {
home = lib.mkIf (!(builtins.isNull stateVersion)) {inherit stateVersion;};
};
});
users = mapUserModules userModules;
in {
imports = [
home-manager.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = lib.mkDefault false;
useUserPackages = lib.mkDefault true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
};
# TODO rewrite this so it follows the same wrapper pattern as
# mkHome This function produces a nixosSystem which imports
# configuration.nix and a Home Manager home.nix for the given user
# from ./hosts/${hostname}/
#
# nevermind i am migrating everything to flake-parts, i'm glad i
# never got around to this. i think the module system takes care of
# whatever the fuck godforsaken use-case i had for rewriting this
# (more ergonomic and/or default arguments or something).
mkSystemN = let
_username = username;
_overlays = overlays;
in
{
nixpkgs ? inputs.nixpkgs,
home-manager ? inputs.home-manager,
username ? _username,
entrypoint ? (self + "/system"),
modules ? [],
stateVersion ? null,
config ? {},
overlays ? _overlays,
system,
...
} @ args: let
_modules =
[entrypoint config]
++ modules
++ [
{
nixpkgs.config = {
inherit overlays;
allowUnfree = true;
};
}
]
++ lib.optional (args ? stateVersion) {config.system.stateVersion = stateVersion;};
in
nixpkgs.lib.nixosSystem {
};
mkSystem = let
_username = username;
_overlays = overlays;
_nixpkgs = nixpkgs;
in
{
system,
nixpkgs ? _nixpkgs,
home-manager ? inputs.home-manager,
overlays ? _overlays,
hostname,
username ? _username,
stateVersion,
extraModules ? [],
}:
nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
(self + "/system")
({
pkgs,
config,
lib,
...
} @ args: {
# Values for every single system that would not conceivably need
# to be made modular
system.stateVersion = stateVersion;
nixpkgs = {
inherit overlays;
config = {
# not having the freedom to install unfree programs is unfree
allowUnfree = true;
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
})
(self + "/hosts/${hostname}/configuration.nix")
(homeManagerInit {
inherit nixpkgs home-manager;
module = import (self + "/hosts/${hostname}/home.nix");
inherit username system stateVersion;
})
]
++ extraModules;
specialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
};
};
mkWSLSystem = let
_username = username;
in
{
username ? _username,
extraModules ? [],
...
} @ args: let
WSLModule = {...}: {
imports = [
inputs.nix-wsl.nixosModules.wsl
];
wsl.enable = true;
wsl.defaultUser = username;
};
override = {extraModules = extraModules ++ [WSLModule];};
in
mkSystem (args // override);
mkISOSystem = system:
inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({
config,
pkgs,
lib,
...
}: {
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# Make a home-manager standalone configuration. This implementation is
# better than mkSystem because it extends homeManagerConfiguration.
mkHome = let
_home-manager = inputs.home-manager;
_nixpkgs = inputs.nixpkgs;
_username = username;
in
{
home-manager ? _home-manager,
nixpkgs ? _nixpkgs,
username ? _username,
homeDirectory ? "/home/${username}",
entrypoint ? (self + "/home/standalone.nix"),
modules ? [],
stateVersion ? null,
config ? {},
system,
...
} @ args: let
_modules =
[entrypoint]
++ modules
++ [config]
++ [
{
config = {
home = {
inherit username homeDirectory;
};
nixpkgs.config = {
allowUnfree = true;
};
};
}
]
++ lib.optional (args ? stateVersion) {config.home.stateVersion = stateVersion;};
in
home-manager.lib.homeManagerConfiguration ({
modules = _modules;
pkgs = import nixpkgs {inherit system overlays;};
extraSpecialArgs = {
inherit inputs outputs vars nixpkgs home-manager;
# this is needed because modules don't use the default arg for some reason???
osConfig = {};
};
}
// builtins.removeAttrs args
["system" "nixpkgs" "home-manager" "modules" "username" "homeDirectory" "stateVersion" "entrypoint" "config"]);
}

102
lib/nixfiles/minecraft.nix
View File

@ -1,19 +1,14 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) lib;
in {
mkServer = {
modpack ? null,
modpackSymlinks ? [],
modpackFiles ? [],
jvmOpts ? null,
...
} @ opts: let
in
{
mkServer = { modpack ? null, modpackSymlinks ? [], modpackFiles ? [], jvmOpts ? null, ...}@opts: let
# log4j exploit is bad and scary and i have no idea if this is still needed
# but it's best to be on the safe side
jvmOptsPatched = let
requiredJvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
in
if (!(builtins.isNull jvmOpts))
in if (!(builtins.isNull jvmOpts))
then requiredJvmOpts + " " + jvmOpts
else requiredJvmOpts;
@ -22,58 +17,51 @@ in {
serverPackage = let
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
fixedVersion = lib.replaceStrings [ "." ] [ "_" ] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
in
pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
loader = if (!(builtins.isNull quiltVersion)) then "quilt" else "fabric";
loaderVersion = if loader == "quilt" then quiltVersion else fabricVersion;
in pkgs.minecraftServers."${loader}-${fixedVersion}".override { inherit loaderVersion; };
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
in lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# no telemetry
snooper-enabled = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts ["modpack" "modpackSymlinks" "modpackFiles" "jvmOpts"])
];
# no telemetry
snooper-enabled = lib.mkDefault false;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts [ "modpack" "modpackSymlinks" "modpackFiles" "jvmOpts" ])
];
}

19
lib/nixfiles/module.nix
View File

@ -1,19 +0,0 @@
{
lib,
self,
...
} @ moduleAttrs: let
inherit (lib) types;
nixfiles-lib = (import ./.) {inherit lib self moduleAttrs;};
in {
options.nixfiles.lib = lib.mkOption {
description = "nixfiles library";
type = types.attrs;
readOnly = true;
default = nixfiles-lib;
};
config._module.args = {
inherit nixfiles-lib;
};
}

22
lib/nixfiles/types.nix
View File

@ -1,21 +1,13 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) lib;
inherit (lib.types) mkOptionType;
inherit (lib.options) mergeEqualOption;
in {
mkCheckedType = type:
mkOptionType {
name = "${type}";
description = "Attribute set of type ${type}";
descriptionClass = "noun";
merge = mergeEqualOption;
check = value: value._type or "" == "${type}";
};
in
{
flake = mkOptionType {
name = "flake";
description = "Nix flake";
name="flake";
description="Nix flake";
descriptionClass = "noun";
merge = mergeEqualOption;
check = value: value._type or "" == "flake";
};
merge = mergeEqualOption; check = (value: value._type or "" == "flake"); };
}

3
modules/home-manager/default.nix
View File

@ -1 +1,2 @@
_: {}
_:
{}

3
modules/nixos/default.nix
View File

@ -1,2 +1,3 @@
{...} @ moduleInputs: {
{...}@moduleInputs:
{
}

92
overlays/backports.nix
View File

@ -1,68 +1,42 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable {
config.allowUnfree = true;
inherit (final) system;
};
inherit (final) callPackage kdePackages lib;
nixfiles: final: prev:
let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable { config.allowUnfree = true; inherit (final) system; };
inherit (final) callPackage kdePackages lib;
backport = let
_callPackage = callPackage;
in
{
pkgname,
backport = let
_callPackage = callPackage;
in { pkgname,
callPackage ? _callPackage,
new ? pkgs-unstable,
override ? {},
}: let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
override ? {} } : let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
getAttr' = name: attrs:
if isString pkgname
then getAttr name attrs
else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in
if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
getAttr' = name: attrs: if isString pkgname then getAttr name attrs else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
backport' = pkgname: backport {inherit pkgname;};
backport' = pkgname: backport { inherit pkgname; };
# defined locally to not pull in perl from unstable
stripJavaArchivesHook =
final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [final.strip-nondeterminism];
}
./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport {
pkgname = "obsidian";
override.electron = final.electron_28;
};
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
# defined locally to not pull in perl from unstable
stripJavaArchivesHook = final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [ final.strip-nondeterminism ];
} ./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport { pkgname="obsidian"; override.electron = final.electron_28; };
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
};
in {
config.flake.overlays.backports = overlay;
}

32
overlays/default.nix
View File

@ -1,21 +1,17 @@
{
config,
lib,
...
}: let
nixfiles:
let
inherit (nixfiles.inputs.nixpkgs) lib;
# this name is awful. maybe i don't know anything about functional
# programming or something, but the naming isn't very self explanatory
# - why is it "compose" instead of "combine"
# - why is it "extensions" instead of "overlays"
inherit (lib) composeManyExtensions;
cfg = config.flake.overlays;
in {
imports = [
./mitigations.nix
./backports.nix
./modpacks.nix
in rec {
backports = import ./backports.nix nixfiles;
mitigations = import ./mitigations.nix nixfiles;
modpacks = import ./modpacks.nix nixfiles;
default = composeManyExtensions [
backports
mitigations
];
config.flake.overlays = {
default = with cfg;
composeManyExtensions [
backports
mitigations
];
};
}

183
overlays/mitigations.nix
View File

@ -1,142 +1,61 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath {
inherit (prev) system;
config.allowUnfree = true;
};
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
nixfiles: final: prev:
let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath { inherit (prev) system; };
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
inherit (final) callPackage fetchFromGitHub;
inherit
(lib)
recurseIntoAttrs
optionalAttrs
versionOlder
versionAtLeast
;
inherit (final) lib callPackage fetchFromGitHub;
inherit (lib) recurseIntoAttrs optionalAttrs
versionOlder versionAtLeast;
pkgsFromFlake = flake: (import flake.outPath) {inherit (prev) system;};
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs:
if versionAtLeast ours.version theirs.version
then ours
else theirs;
pickNewer = ours: theirs:
if versionOlder theirs.version ours.version
then ours
else theirs;
pkgsFromFlake = flake: (import flake.outPath) { inherit (prev) system; };
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs: if versionAtLeast ours.version theirs.version then ours else theirs;
pickNewer = ours: theirs: if versionOlder theirs.version ours.version then ours else theirs;
hold = now: days: ours: theirs: let
hold = now: days: ours: theirs: let
seconds = days * 24 * 60 * 60;
endTimestamp = now + seconds;
in
if now < endTimestamp
then ours
else theirs;
in if now < endTimestamp then ours else theirs;
optionalPkg = cond: val:
if cond
then val
else null;
optionalPkg = cond: val: if cond then val else null;
gimp-with-plugins-good = let
badPlugins = ["gap"];
itemInList = list: item: lib.any (x: x == item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in
prev.gimp-with-plugins.override {inherit plugins;};
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in
{
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in
pickNewer old new;
gimp-with-plugins-good = let
badPlugins = [ "gap" ];
itemInList = list: item: lib.any (x: x==item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in prev.gimp-with-plugins.override { inherit plugins; };
gimp-with-plugins = gimp-with-plugins-good;
nwg-displays = let
stable = pkgsStable.nwg-displays;
unstable = prev.nwg-displays;
now = 1739114541;
in
hold now 7 stable unstable;
libreoffice = let
stable = pkgsStable.libreoffice;
unstable = prev.libreoffice;
now = 1739558971;
in
hold now 7 stable unstable;
gotenberg = let
stable = pkgsStable.gotenberg;
unstable = prev.gotenberg;
now = 1745707083;
in
hold now 90 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in
pickNewer redlib-new redlib;
rustdesk-flutter = let
stable = pkgsStable.rustdesk-flutter;
unstable = prev.rustdesk-flutter;
now = 1741899501;
in
hold now 7 stable unstable;
}
// (
lib.genAttrs [
"mopidyPackages"
"mopidy"
"mopidy-bandcamp"
"mopidy-iris"
"mopidy-jellyfin"
"mopidy-local"
"mopidy-moped"
"mopidy-mopify"
"mopidy-mpd"
"mopidy-mpris"
"mopidy-muse"
"mopidy-musicbox-webclient"
"mopidy-notify"
"mopidy-podcast"
"mopidy-scrobbler"
"mopidy-somafm"
"mopidy-soundcloud"
"mopidy-spotify"
"mopidy-subidy"
"mopidy-tidal"
"mopidy-tunein"
"mopidy-youtube"
"mopidy-ytmusic"
] (name: let
pkgs-mopidy = (import inputs.nixpkgs-mopidy) {inherit (prev) system;};
unstable = prev."${name}";
stable = pkgs-mopidy."${name}";
now = 1740786429;
in
# pin for at least 90 days because who knows when this will be fixed
# https://github.com/mopidy/mopidy/issues/2183
hold now 90 stable unstable)
);
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in {
config.flake.overlays.mitigations = overlay;
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in pickNewer old new;
gimp-with-plugins = gimp-with-plugins-good;
easyeffects = let
stable = pkgsStable.easyeffects;
unstable = prev.easyeffects;
in if updateTime < 1726148749 then stable else unstable;
compsize = let
stable = pkgsStable.compsize;
unstable = prev.compsize;
now = 1724786296;
in hold now 7 stable unstable;
qgis = let
stable = pkgsStable.qgis;
unstable = prev.qgis;
now = 1733871491;
in hold now 7 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in pickNewer redlib-new redlib;
}

59
overlays/modpacks.nix
View File

@ -1,40 +1,27 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in
final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
nixfiles: final: prev:
let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [final.unzip];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
modpacks = {
inherit notlite notlite-ctm-static;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [ final.unzip ];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
config.flake.overlays.modpacks = overlay;
modpacks = {
inherit notlite notlite-ctm-static;
};
}

18
pkgs/apps.nix
View File

@ -1,15 +1,9 @@
{
packages,
system,
...
}: let
_packages = packages;
in let
{ packages, system, ... }:
let _packages = packages; in
let
packages = _packages.${system};
mkApp = program: {
type = "app";
inherit program;
};
in {
mkApp = program: { type = "app"; inherit program; };
in
{
keysetting = mkApp "${packages.wm-helpers}/bin/keysetting";
}

39
pkgs/atool-wrapped/default.nix
View File

@ -1,5 +1,4 @@
{
lib,
{ lib,
atool,
makeBinaryWrapper,
stdenvNoCC,
@ -15,24 +14,24 @@
p7zip,
unrar,
lha,
unfree ? false,
}: let
unfree ? false }:
let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = ["installPhase"];
nativeBuildInputs = [makeBinaryWrapper];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeBinaryWrapper ];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}

23
pkgs/cofi/shell.nix
View File

@ -1,15 +1,16 @@
{pkgs ? import <nixpkgs> {}}: let
{ pkgs ? import <nixpkgs> {} }:
let
rofi-dmenu-wrapped = pkgs.writeShellScript "rofi-dmenu" ''
exec "${pkgs.rofi-wayland}/bin/rofi" -dmenu "$@"
'';
in
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}

17
pkgs/cross-seed/default.nix
View File

@ -1,17 +0,0 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec {
pname = "cross-seed";
version = "6.11.2";
src = fetchFromGitHub {
owner = "cross-seed";
repo = "cross-seed";
rev = "v${version}";
hash = "sha256-m/TlEAW9BFEXOvBixOj09ylgstgHKL48e9zC50fzD5g=";
};
npmDepsHash = "sha256-c8wTvEA7QQb17gBHdBKMUatn8I/wKOhXP1W5ftH3pJc=";
}

19
pkgs/default.nix
View File

@ -1,15 +1,16 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) callPackage callPackages;
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in {
inherit (mopidyPackages) mopidy-autoplay;
google-fonts = callPackage ./google-fonts {};
wm-helpers = callPackage ./wm-helpers {};
atool = callPackage ./atool-wrapped {};
nixfiles-assets = callPackage ./nixfiles-assets {};
redlib = callPackage ./redlib {};
cross-seed = callPackage ./cross-seed {};
in
{
inherit (mopidyPackages) mopidy-autoplay ;
google-fonts = callPackage ./google-fonts { };
wm-helpers = callPackage ./wm-helpers { };
atool = callPackage ./atool-wrapped { };
nixfiles-assets = callPackage ./nixfiles-assets { };
redlib = callPackage ./redlib { };
}

48
pkgs/google-fonts/default.nix
View File

@ -1,9 +1,9 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
fonts ? [],
{ lib
, stdenvNoCC
, fetchFromGitHub
, fonts ? []
}:
stdenvNoCC.mkDerivation {
pname = "google-fonts";
version = "unstable-2023-10-20";
@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation {
# Adobe Blank is split out in a separate output,
# because it causes crashes with `libfontconfig`.
# It has an absurd number of symbols
outputs = ["out" "adobeBlank"];
outputs = [ "out" "adobeBlank" ];
src = fetchFromGitHub {
owner = "google";
@ -45,32 +45,26 @@ stdenvNoCC.mkDerivation {
# FamilyName.ttf. This installs all fonts if fonts is empty and otherwise
# only the specified fonts by FamilyName.
fonts = map (font: builtins.replaceStrings [" "] [""] font) fonts;
installPhase =
''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
''
+ (
if fonts == []
then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
''
else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
''
);
installPhase = ''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
'' + (if fonts == [] then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
'' else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
'');
meta = with lib; {
homepage = "https://fonts.google.com";
description = "Font files available from Google Fonts";
license = with licenses; [asl20 ofl ufl];
license = with licenses; [ asl20 ofl ufl ];
platforms = platforms.all;
hydraPlatforms = [];
maintainers = with maintainers; [manveru];
sourceProvenance = [sourceTypes.binaryBytecode];
maintainers = with maintainers; [ manveru ];
sourceProvenance = [ sourceTypes.binaryBytecode ];
};
}

51
pkgs/legacy-module.nix
View File

@ -1,51 +0,0 @@
{
inputs,
self,
config,
lib,
options,
...
}: let
cfg = config.nixfiles.outputs.packages;
inherit (lib) mapAttrs mkEnableOption mkIf;
in {
options.nixfiles.outputs.packages = {
enable =
mkEnableOption ""
// {
description = ''
Whether to generate the packages output.
'';
default = true;
};
};
config = mkIf cfg.enable {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = let
inherit (pkgs) callPackage callPackages;
# i forget how this works so i'm not messing with it.
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
(mapAttrs (_: v: callPackage v {}) {
google-fonts = ./google-fonts;
wm-helpers = ./wm-helpers;
atool = ./atool-wrapped;
nixfiles-assets = ./nixfiles-assets;
redlib = ./redlib;
cross-seed = ./cross-seed;
})
// {
inherit (mopidyPackages) mopidy-autoplay;
};
};
};
}

61
pkgs/lucem/default.nix
View File

@ -1,61 +0,0 @@
{
lib,
buildNimPackage,
curl,
gtk4,
libadwaita,
pkg-config,
openssl,
xorg,
libxkbcommon,
libGL,
wayland,
wayland-protocols,
wayland-scanner,
fetchFromGitHub,
}:
buildNimPackage (finalAttrs: {
pname = "lucem";
version = "2.1.2";
src = fetchFromGitHub {
owner = "xTrayambak";
repo = "lucem";
tag = finalAttrs.version;
hash = "sha256-9i7YMXG6hXMcQmVdPYX+YxrtQPHZE1RZb+gv5dGEff8=";
};
patches = [
./lucem-disable-auto-updater.patch
];
lockFile = ./lock.json;
buildInputs = [
gtk4.dev
libadwaita.dev
openssl.dev
curl.dev
xorg.libX11
xorg.libXcursor.dev
xorg.libXrender
xorg.libXext
libxkbcommon.dev
libGL.dev
wayland.dev
wayland-protocols
wayland-scanner.dev
];
nativeBuildInputs = [
pkg-config
];
# env.LD_LIBRARY_PATH = lib.makeLibraryPath [
# gtk4.dev
# libadwaita.dev
# pkg-config
# curl.dev
# openssl.dev
# wayland.dev
# ];
})

291
pkgs/lucem/lock.json
View File

@ -1,291 +0,0 @@
{
"depends": [
{
"method": "fetchzip",
"path": "/nix/store/n3pckbrnpfnlcm7n0c5i75lgl47ghgha-source",
"rev": "d9ee0328d5cec8fd216d3ce8676cebf1976e9272",
"sha256": "02wq4wad7r517rls5n1i9gww9a138a20kiy3d2ax723s3h6s0srg",
"url": "https://github.com/4zv4l/colored_logger/archive/d9ee0328d5cec8fd216d3ce8676cebf1976e9272.tar.gz",
"ref": "HEAD",
"packages": [
"colored_logger"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bzcq8q439rdsqhhihikzv3rsx4l4ybdm-source",
"rev": "ea811bec7fa50f5abd3088ba94cda74285e93f18",
"sha256": "1720iqsxjhqmhw1zhhs7d2ncdz25r8fqadls1p1iry1wfikjlnba",
"url": "https://github.com/treeform/jsony/archive/ea811bec7fa50f5abd3088ba94cda74285e93f18.tar.gz",
"ref": "1.1.5",
"packages": [
"jsony"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f3ghbm17akdg7dj5sarr616hvma09dr5-source",
"rev": "fea85b27f0badcf617033ca1bc05444b5fd8aa7a",
"sha256": "1m96c3k83sj1z2vgjp55fplzf0kym6hhhym4ywydjl9x4zw1a5la",
"url": "https://github.com/status-im/nim-toml-serialization/archive/fea85b27f0badcf617033ca1bc05444b5fd8aa7a.tar.gz",
"ref": "HEAD",
"packages": [
"toml_serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/idsbhi7xb4dmfqbmbl5dq47qh2vs6mjj-source",
"rev": "9e770046c5cdf23d395d6b21c4657345481b1c76",
"sha256": "1li0r6ng3ynzh5qb12qs6czmaaay7gw45khs2niz291nia6navl1",
"url": "https://github.com/treeform/pretty/archive/9e770046c5cdf23d395d6b21c4657345481b1c76.tar.gz",
"ref": "0.2.0",
"packages": [
"pretty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/ax2p5d7wz6ipj0y2zpd9rckzzj7a6f0q-source",
"rev": "861092dc931e754650a735af590fbc34becc3942",
"sha256": "100vxxdpzayj44syfkwn5nrpk5189qiky43xh7w3k908yxrq0jbj",
"url": "https://github.com/can-lehmann/owlkettle/archive/861092dc931e754650a735af590fbc34becc3942.tar.gz",
"ref": "v3.0.0",
"packages": [
"owlkettle"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/y4f3wxlh76h10kflz7vqmkd4vniqp6kw-source",
"rev": "309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81",
"sha256": "0b7givvg0lij4qkv8xpisp0ahcadggavpb85jds5z5k19palh74c",
"url": "https://github.com/nimgl/nimgl/archive/309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81.tar.gz",
"ref": "1.3.2",
"packages": [
"nimgl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nqnhn3vpi49aj4pn722c1qpinnzq056b-source",
"rev": "7b4266458b7435349b28a4468e0af58f1674b198",
"sha256": "12j4rzlxpibxy2jfah21qj1lf63rbkkki971y5i52dmnp84bhjzp",
"url": "https://github.com/treeform/netty/archive/7b4266458b7435349b28a4468e0af58f1674b198.tar.gz",
"ref": "0.2.1",
"packages": [
"netty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/cbzq2fmn5582kqx3w9ima7ll4x19cmx1-source",
"rev": "a0f42baacbc48f4e5924b18854c0df9dcc251466",
"sha256": "0033kxrh8s3wmmh5ky6vlbjk2mq3c3vy0syvl5rwah2zmg0k6wzf",
"url": "https://github.com/guzba/curly/archive/a0f42baacbc48f4e5924b18854c0df9dcc251466.tar.gz",
"ref": "1.1.1",
"packages": [
"curly"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nzqdyy9q0q0rrlpmjmihrq084nyskidd-source",
"rev": "44dc097236de00c09ffed13d4e4aeaff1473870e",
"sha256": "0m7bdiz3dnmdb5cc8k4sksmb71mlg1n75582zv5hhvp2jsj9sxsa",
"url": "https://github.com/johnnovak/nim-nanovg/archive/44dc097236de00c09ffed13d4e4aeaff1473870e.tar.gz",
"ref": "v0.4.0",
"packages": [
"nanovg"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/85w9njq4kkp7cjhz40bmmksiv0053p50-source",
"rev": "9ce9aa3efa84f55bbf3d29ef0517b2411d08a357",
"sha256": "1lm4iynl0c8hzizwc723b29ss6cw78hhr6k62a7x7ddycmxyxsnm",
"url": "https://github.com/levovix0/siwin/archive/9ce9aa3efa84f55bbf3d29ef0517b2411d08a357.tar.gz",
"packages": [
"siwin"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/dvv6cgzl9xmax5rmjxnp5wrr08ibvjaw-source",
"rev": "8e2e098f82dc5eefd874488c37b5830233cd18f4",
"sha256": "01csz5bl4jiv7jx76k7izgknl7k73y2i9hd9s6brlhfqhq7cqxmz",
"url": "https://github.com/nim-lang/opengl/archive/8e2e098f82dc5eefd874488c37b5830233cd18f4.tar.gz",
"ref": "1.2.9",
"packages": [
"opengl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/h98460b96pynrpwxawaq21w6rjhamlvi-source",
"rev": "ec7732a4810441a937fe3059494ba338090c4957",
"sha256": "0dw33jprxrc23bj0b6ypbg6n940nzxlrxa57df88q4ly1xvi6w1h",
"url": "https://github.com/euantorano/semver.nim/archive/ec7732a4810441a937fe3059494ba338090c4957.tar.gz",
"ref": "v1.2.3",
"packages": [
"semver"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/d6c7dvmzzvc1ja7kf65jbclbjv74zll7-source",
"rev": "2086c99608b4bf472e1ef5fe063710f280243396",
"sha256": "1m7c9bvxarw167kd5mpfnddzydji03azhz347hvad592qfw4vwrc",
"url": "https://github.com/status-im/nim-serialization/archive/2086c99608b4bf472e1ef5fe063710f280243396.tar.gz",
"ref": "v0.2.6",
"packages": [
"serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/a5kmnnbk27rxk9vsx1vchiiq9znkpijf-source",
"rev": "79e4fa5a9d3374db17ed63622714d3e1094c7f34",
"sha256": "0x92sgnxczwx5ak067d6169j9qm0cdpbrcpp1ijrzgyfgknpyq0r",
"url": "https://github.com/status-im/nim-stew/archive/79e4fa5a9d3374db17ed63622714d3e1094c7f34.tar.gz",
"ref": "v0.2.0",
"packages": [
"stew"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/vx0a8hw7hs5an0dnbrn6l16bd6is7hdr-source",
"rev": "07f6ba8ab96238e5bd1264cf0cea1d1746abb00c",
"sha256": "005nrldaasfl09zdsni1vi8s7dk0y85ijv6rm2wpj94435x66s36",
"url": "https://github.com/treeform/flatty/archive/07f6ba8ab96238e5bd1264cf0cea1d1746abb00c.tar.gz",
"ref": "0.3.4",
"packages": [
"flatty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bqmdy8vic5wfvpc9hqp4rfrhjlxz4d7c-source",
"rev": "45b2b0bb753fe2376a205a183b2b3f291e19ba14",
"sha256": "1yz1lcclmhvji34ccymglzg535b3xfz0x4m12n3n22cxz156j63x",
"url": "https://github.com/Araq/libcurl/archive/45b2b0bb753fe2376a205a183b2b3f291e19ba14.tar.gz",
"ref": "v1.0.0",
"packages": [
"libcurl"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/zcd2hmjxlkp1bpb7c9xrpg153ssj3w0b-source",
"rev": "a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f",
"sha256": "16qdnyql8d7nm7nwwpq0maflm3p6cpbb2jfaqx6xkld9xkc9lsbv",
"url": "https://github.com/guzba/zippy/archive/a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f.tar.gz",
"ref": "0.10.16",
"packages": [
"zippy"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/4q986rlniaxascxkvx4q8rsx12frjd51-source",
"rev": "325d6ade0970562bee7d7d53961a2c3287f0c4bc",
"sha256": "0qa8hzvamsdszygra3lcc92zk6rzm3gh1mzgjq9khbanzbg3y67n",
"url": "https://github.com/treeform/webby/archive/325d6ade0970562bee7d7d53961a2c3287f0c4bc.tar.gz",
"ref": "0.2.1",
"packages": [
"webby"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/lk4hcmvwvliliyyidx7k3fk9yfijddc5-source",
"rev": "b2e71179174e040884ebf6a16cbac711c84620b9",
"sha256": "0pi6cq43ysm1wy5vva3i2dqvyh4dqppjjjl04yj9wfq7mngpqaa1",
"url": "https://github.com/treeform/chroma/archive/b2e71179174e040884ebf6a16cbac711c84620b9.tar.gz",
"ref": "0.2.7",
"packages": [
"chroma"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f9dp6njaay5rf32f6l9gkw0dm25gim47-source",
"rev": "7282ae1247f2f384ebeaec3826d7fa38fd0e1df1",
"sha256": "1plw9lfrm42qar01rnjhm0d9mkzsc7c3b8kz43w5pb8j8drx1lyn",
"url": "https://github.com/treeform/vmath/archive/7282ae1247f2f384ebeaec3826d7fa38fd0e1df1.tar.gz",
"ref": "2.0.0",
"packages": [
"vmath"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/8qaywzr8nzsiddjba77nhf75hzmxx0d9-source",
"rev": "29aca5e519ebf5d833f63a6a2769e62ec7bfb83a",
"sha256": "16npqgmi2qawjxaddj9ax15rfpdc7sqc37i2r5vg23lyr6znq4wc",
"url": "https://github.com/nim-lang/x11/archive/29aca5e519ebf5d833f63a6a2769e62ec7bfb83a.tar.gz",
"ref": "1.2",
"packages": [
"x11"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/cxdwn7p4cis5hd5w4jsn8lql5vzx5civ-source",
"rev": "2b08c774afaafd600cf4c6f994cf78b8aa090c0c",
"sha256": "10zl9a5phdsjj811v8by0yzadfc8d3azaj878an2hr8qsfi9y1ps",
"url": "https://github.com/status-im/nim-faststreams/archive/2b08c774afaafd600cf4c6f994cf78b8aa090c0c.tar.gz",
"ref": "HEAD",
"packages": [
"faststreams"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/2ksmfd7p93a1a7ibcv3qzsk8h3c3shz7-source",
"rev": "845b6af28b9f68f02d320e03ad18eccccea7ddb9",
"sha256": "1c55kl05pbavm9v5dv42n43sql9qcrblhh3hnp99p5xmlv20c9vf",
"url": "https://github.com/status-im/nim-unittest2/archive/845b6af28b9f68f02d320e03ad18eccccea7ddb9.tar.gz",
"ref": "v0.2.3",
"packages": [
"unittest2"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/17gj9sw2hw818cbxvd6i94n734inm1vf-source",
"rev": "df8113dda4c2d74d460a8fa98252b0b771bf1f27",
"sha256": "1h7amas16sbhlr7zb7n3jb5434k98ji375vzw72k1fsc86vnmcr9",
"url": "https://github.com/arnetheduck/nim-results/archive/df8113dda4c2d74d460a8fa98252b0b771bf1f27.tar.gz",
"ref": "v0.5.1",
"packages": [
"results"
],
"srcDir": ""
}
]
}

13
pkgs/lucem/lucem-disable-auto-updater.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/config.nim b/src/config.nim
index 64e4370..92aee9a 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -32,7 +32,7 @@ type
LucemConfig* = object
discord_rpc*: bool = false
- auto_updater*: bool = true
+ auto_updater*: bool = false
notify_server_region*: bool = true
loading_screen*: bool = true
polling_delay*: uint = 100

90
pkgs/lucem/nim_lk-rev-order-fix.patch
View File

@ -1,90 +0,0 @@
diff --git a/src/nim_lk.nim b/src/nim_lk.nim
index 2b8b0bc..68d8b64 100644
--- a/src/nim_lk.nim
+++ b/src/nim_lk.nim
@@ -4,7 +4,7 @@
# https://cyclonedx.org/docs/1.6/json/
import
- std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri],
+ std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri, re],
pkg/nimblepkg/options,
pkg/nimblepkg/packageinfo,
pkg/nimblepkg/packageinfotypes,
@@ -89,6 +89,13 @@ proc startProcess(cmd: string; cmdArgs: varargs[string]): Process =
type GitPair = object
`ref`, `rev`: string
+proc cleanVersion(version: string): string =
+ let pattern = re"^v?(\d+\.\d+\.\d+.*)$" # Captures valid semantic versions
+ var matches: array[1, string]
+ if version.find(pattern, matches) >= 0:
+ return matches[0]
+ return version
+
proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
var line, rev, refer: string
var process =
@@ -104,12 +111,15 @@ proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
const
refsTags = "refs/tags/"
headsTags = "refs/heads/"
+ headRef = "HEAD"
if refer.startsWith(refsTags):
refer.removePrefix(refsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
elif refer.startsWith(headsTags):
refer.removePrefix(headsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
+ elif refer == headRef:
+ result.add GitPair(`ref`: refer, `rev`: rev)
stderr.write(process.errorStream.readAll)
close(process)
if tagsArg and result.len == 0:
@@ -120,22 +130,40 @@ proc matchRev(url: string; wanted: VersionRange): GitPair =
let special = $wanted.spe
if special[0] == '#':
result.rev = special[1..special.high]
+ return # early return
else:
quit("unhandled version " & url & " " & $wanted)
else:
let withTags = wanted.kind != verAny
let pairs = gitLsRemote(url, withTags)
var resultVersion: Version
+ var latestTag: GitPair
+
for pair in pairs:
try:
- var tagVer = pair.`ref`.newVersion
- if tagVer.withinRange(wanted) and resultVersion < tagVer:
+ var tagVer = cleanVersion(pair.`ref`).newVersion
+ if (tagVer.withinRange(wanted) or not withTags) and resultVersion < tagVer:
resultVersion = tagVer
- result = pair
+ latestTag = pair
except ParseVersionError: discard
- if result.rev == "" and pairs.len > 0:
- result = pairs[pairs.high]
- doAssert result.rev != "", url
+
+ if latestTag.rev != "":
+ result = latestTag
+ return # early return
+
+ let headPairs = gitLsRemote(url, false)
+ var headPair: GitPair
+
+ for pair in headPairs:
+ if pair.`ref` == "HEAD":
+ headPair = pair
+
+ if headPair.rev != "":
+ result = headPair
+ return # early return
+
+
+ doAssert false, "No matching revision found for " & url
proc collectMetadata(data: JsonNode) =
let storePath = data{"path"}.getStr

41
pkgs/lucem/update.nix
View File

@ -1,41 +0,0 @@
{
nixpkgs ? <nixpkgs>,
pkgs ? (import nixpkgs) {},
}: let
inherit (pkgs) callPackage fetchFromSourcehut fetchFromGitHub lib;
inherit (lib) escapeShellArg;
lucem = pkgs.callPackage ./. {};
nim_lk_patched = pkgs.nim_lk.overrideAttrs (final: prev: {
src = pkgs.fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = "c2d601095d1961d8f59f1fffe5b56788b255c3de";
hash = "sha256-1WD1UVi6N7tftE69LAhx86Qxc97oMHKARFsCVGqtEm4=";
};
patches = [
./nim_lk-rev-order-fix.patch
];
});
in
pkgs.stdenvNoCC.mkDerivation {
name = "lucem-lock.json";
src = lucem.src;
nativeBuildInputs = with pkgs; [
nim_lk_patched
nix-prefetch-git
nix
# cacert
git
];
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
find .
nim_lk > $out
'';
}

32
pkgs/module.nix
View File

@ -1,32 +0,0 @@
{
config,
lib,
...
}: {
imports = [./legacy-module.nix];
config = {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = {
lucem = pkgs.callPackage ./lucem {};
};
};
flake = {
overlays.new-packages = final: prev: let
inherit (final) callPackage;
currentSystem = config.perSystem "${prev.system}";
flakePackages = currentSystem.packages;
addPackages = packages: lib.genAttrs packages (package: callPackage flakePackages.${package}.override {});
in
addPackages [
"lucem"
];
};
};
}

22
pkgs/mopidy/autoplay.nix
View File

@ -1,9 +1,5 @@
{
lib,
python3Packages,
fetchPypi,
mopidy,
}:
{ lib, python3Packages, fetchPypi, mopidy }:
# based on mopidy/jellyfin.nix
python3Packages.buildPythonApplication rec {
pname = "mopidy-autoplay";
@ -15,15 +11,15 @@ python3Packages.buildPythonApplication rec {
sha256 = "sha256-E2Q+Cn2LWSbfoT/gFzUfChwl67Mv17uKmX2woFz/3YM=";
};
propagatedBuildInputs = [mopidy];
propagatedBuildInputs = [ mopidy ];
# no tests implemented
doCheck = false;
pythonImportsCheck = ["mopidy_autoplay"];
pythonImportsCheck = [ "mopidy_autoplay" ];
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
}

18
pkgs/mopidy/default.nix
View File

@ -1,14 +1,10 @@
{
lib,
newScope,
python,
}:
{ lib, newScope, python }:
# i have no idea what this is but there's some conflict if i don't do this
# based on https://github.com/NixOS/nixpkgs/blob/77f0d2095a8271fdb6e0d08c90a7d93631fd2748/pkgs/applications/audio/mopidy/default.nix
lib.makeScope newScope (self:
with self; {
inherit python;
pythonPackages = python.pkgs;
lib.makeScope newScope (self: with self; {
inherit python;
pythonPackages = python.pkgs;
mopidy-autoplay = callPackage ./autoplay.nix {};
})
mopidy-autoplay = callPackage ./autoplay.nix { };
})

33
pkgs/nixfiles-assets/default.nix
View File

@ -1,8 +1,5 @@
{
lib,
stdenvNoCC,
fetchFromGitea,
}: let
{ lib, stdenvNoCC, fetchFromGitea }:
let
src = fetchFromGitea {
domain = "gitea.protogen.io";
owner = "nullbite";
@ -13,16 +10,16 @@
fetchLFS = true;
};
in
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = ["installPhase"];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = [ "installPhase" ];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}

33
pkgs/redlib/default.nix
View File

@ -1,22 +1,21 @@
{
lib,
stdenv,
cacert,
nixosTests,
rustPlatform,
fetchFromGitHub,
darwin,
nix-update-script,
{ lib
, stdenv
, cacert
, nixosTests
, rustPlatform
, fetchFromGitHub
, darwin
, nix-update-script
}:
rustPlatform.buildRustPackage rec {
pname = "redlib";
version = "0.35.1-unstable-2025-03-01";
version = "0.35.1-unstable-2024-12-02";
src = fetchFromGitHub {
owner = "redlib-org";
repo = "redlib";
rev = "357e7c2e096c1aa3bb871e42860dfd3be62e0bfb";
hash = "sha256-KX76kq3AX+GI8wIulGixgS5cENlNUcrKaes1dZwRhxI=";
rev = "d7ec07cd0d713fc308e1004663b0053db8f00a0f";
hash = "sha256-bAsSLZWGLMrD21xdQtD5NyNsNSZwLOd/+6ujZpbsyQg=";
};
patches = [
@ -25,7 +24,7 @@ rustPlatform.buildRustPackage rec {
./no-hash.patch
];
cargoHash = "sha256-5cwF+pntkAwtTwerYrJOfL4NRcL8Sb7lLZiajNcvSZY=";
cargoHash = "sha256-5eQRioAdB1OharUwAZEuPe7NpZOFvqAyh2m+NVio8EI=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
@ -59,16 +58,14 @@ rustPlatform.buildRustPackage rec {
env = {
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GIT_HASH = src.rev;
GIT_HASH=src.rev;
};
doCheck = false;
passthru.tests = {
inherit (nixosTests) redlib;
};
passthru.updateScript = nix-update-script {extraArgs = ["--version=branch=main"];};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch=main" ]; };
meta = {
changelog = "https://github.com/redlib-org/redlib/releases/tag/v${version}";
@ -76,6 +73,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/redlib-org/redlib";
license = lib.licenses.agpl3Only;
mainProgram = "redlib";
maintainers = with lib.maintainers; [soispha];
maintainers = with lib.maintainers; [ soispha ];
};
}

140
pkgs/wm-helpers/default.nix
View File

@ -1,85 +1,79 @@
{
pkgs,
lib,
cap-volume ? true,
unmute ? true,
...
}: let
keysetting =
pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
{ pkgs, lib, cap-volume ? true, unmute ? true, ...}:
let
keysetting = pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
setvol 5%+
# notifyvol
}
setvol 5%+
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
in
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}

45
secrets/homepage.age
View File

@ -1,45 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ NHJ5J8Bm55hgualWjQrE3v7GsCzXYksWm3yQNgYhTG0
QPX9aBltBRKywC2UKkTpZ22lle+msS/CEx5ONbLkE2o
-> ssh-rsa I7EAZw
ABgbMbRfyKaryPJpyPySIOFGdr1Wo7TREskh5tQW0fQ+6wstKxo3eP6Xr5ds3EI3
OHDR8L7Z99IC1/L7LO4lEgqfjmLFEpVSW1h5LU6CNcb6So2eLfxSNLMVk8/wnnNu
wwiPN/JlQOX/7lmvetQUG+l+CGWKrU2Sbu2uRprg9P76cT469cp93yc5uDOjs+JD
n54odFEK3NAykLSbFB++sQiV7yKkCEZLRatBNeqrombgoqpuiCakVIOOFnWwCCZA
vGOiQgXjXdMw2LAzKJEbo0EBovwD6SOTrir60bss+Axx+98JI4Vh24Jww42v9kPR
frqo+BywkFTc3oxHCn72kx9JFiLbA3fsETy4e1/+1IQlNGs2dED89/98b8Am2LEQ
gO1jPNmBc+NXymG0hkP5zAhxsqKLzz26h8BR4tXQuFTcKFs3mktYBJo2dAoQaxGD
ysfwlKRiOwKbWZxWnJJWTbVl9LfqzBwYiTF/uZSp27dp45mC6vsglLZ4TQuXkbBH
-> ssh-rsa 0pGLuA
Ny2kEOHzisMQX5k8hm1GwINjs14gRAd/AG4VZ2Mc/SY/o31xu5mZV8ThkRt3KTWj
gFN5wdt78KcuXh0U0X0YStE9QLfiBrc1q7SJ95d2dzPaO5y4hETYJBNro1MthBW2
kM1RTikBV+AwECA7belYn098anbuH7P/yLTtn1a+/N7VsH29+wAcf9R1z2zlAJuS
psk0c+IUnOiVQ2zJwzZWvjxrQ/l2XpyaF1aktNkK4TZ6/XdA/jmLzxyyEiQ2YMZv
ppzn8AAZzka53eogZiTFrDBKChM+KKrZIffsRjUZ/p+qPsvcFoUyi16gorODoTor
uo453hjR1+4OkUYgozxlbTGDfSSUH+tI2/djZM/n3jIDAbpMIyzvO8L0wSUN9cTi
+6j8rYLvpi2JFmJZ61zDkVkSVjCH6MV2h9UDkxQQb4lcBcZ0BZa0Ms7DUoLFsJm1
5SqamCS8TO8lAgmc09b0WhR9sEX5sdjW9iTH5wzCLD2GA9tzZS4m0kSMJ7raWWeR
-> ssh-rsa JoBDow
p/xk0f+UXerpduZJ0oKUG21JthAzCzHp7I5W4UiNPQbAm/oplmdXwWVFlb/gCBbZ
EF0zIPBKijvO3IiB+QylzuVET9HgFLNqKye+2LkdsBI3oAmVrhdQkQJIoGco68QF
nhz+q05KkcYs3vOg4ZyvGsVa6idIpvNN//s7VJ2ezB+yvWDIkY6zfTxFmRH6NDzo
oP4HFCBPcVXYJiVcka8rNNMHNWrhLVFnHNsTMcDvXPyXXdwSfsg/unrZ0xxnxkt+
dgjIaM8STQ9BEn+IR6TODiO8xMCUKfzlOHwHYh9xcF/j01SRJTyvYQBQLoqsaESH
2NQOr7O0jJNzIzKVlp+UjMyvLcFMmi5aa5DuAJsXj5ktk9xDZ2CiXhv0qd9Xub9d
iNFHIRAYv5SNobGhHse3htHsazHfhxcPb1gTbRwxzP0qYdwD6pD/pFc39bZg8TzP
gRlSDBHzYnqWPWkJ+LxXzIsW6e9ZKUmNzVb4eq7xhRRpNi/0WQcy0VjWMafxVv+1
-> ssh-rsa wzTCUg
qx45EE/ATHxwpxI9PuIWpiLeZbXfDHFe0ha3QReUHeiosRhKkrVm2X3a+XUqrk3C
FhhGCqDKHj13s83Aelk5xYwlP55eLew6jgCDTALkFWnneQbCxKfKgF3PFPP3vjPI
V9kGN/nhZT30xJRIKwOPm1J4pEqLAGCKHAcdmBA6kM1Xt56y0Q4r/lNeUZAEYSpt
3LscZwVizvGH9uR3GXUN/Kq2BuOIX5v/xhkltStafXyD6oto6KUntK2RJ4L8cCq5
mtTSOb6O1nzYggFxDMTkr1qXYsbweHYBODMUh0A0YeZjnVIjIzdxp3YOqNdKqLs3
5l0bYh0mKCcwovJZSeBNou48iXq0AeFuyMI88DXuak1exWZZ/Cj2lISluz48I+aI
NTktiEjCoi3M3o4EImKlBQvKCFTfExIIF0ZwX64qBK0C8jUF1jcBnbAdxqtKAHJi
r74SAQdSkLaLii9QTytQKhOeThgNMXWSgjXuDPEijXPnHy8eA9oGxAZYTSL036Nh
--- ARnFzeXFOjvL/ktngJRHn9vPrfiwnIc1n+ep5PRU4nc
ÇCLÜÝÕzPgí•ñmƒ‡ˆÜ ÓX¡°Kægs¨µKçn†TÔ¦÷é g±íNv ÔN_43ù8ÁFîqÑ24¶mð“À“ª{ S˜neëiÎ'œ Ôp «Ñ

Some files were not shown because too many files have changed in this diff Show More